Permissions and roles
Studio uses role-based access control to manage who can browse, edit, and manage content. Permissions are assigned via roles at the organisation level, giving you fine-grained control over what each team member can do across your Studio projects.
Permissions
Section titled “Permissions”Each permission controls access to a specific set of Studio capabilities. Roles are composed of one or more of these permissions.
| Permission | Description |
|---|---|
browse_studio |
View collections, entries, media, branches, pull requests, commits, deployments, schemas, and the project file tree |
edit_studio |
Create and update entries, upload media, create branches, create and merge pull requests, detect route patterns, and use the AI assistant inside Studio |
delete_studio |
Delete entries and media files |
manage_studio |
Create and delete preview environments and refresh the cached schema |
API token scopes
Section titled “API token scopes”The Studio HTTP API enforces a matching set of token scopes alongside the user permission. To call the API you need a token whose scopes cover both the role granted to the calling user and the action being attempted.
| Token scope | Pairs with permission | Grants |
|---|---|---|
studio:read |
browse_studio |
All GET endpoints — list/read collections, entries, media, branches, pull requests, commits, deployments, schema, file tree, and single files |
studio:write |
edit_studio |
Create and update entries, upload media, create branches, merge branches, create and merge pull requests, detect route patterns |
studio:delete |
delete_studio |
Delete entry and media endpoints |
studio:admin |
manage_studio |
Create and delete environments, refresh schema |
Built-in roles
Section titled “Built-in roles”Studio ships with four built-in roles that cover the most common team structures. Each role bundles the permissions listed above into a sensible default.
| Role | Permissions | Best for |
|---|---|---|
| Organisation Owner | All permissions | Full platform access |
| Organisation Admin | All permissions | Team administrators |
| Studio Editor | Browse, edit, delete | Content creators and developers |
| Studio Read Only | Browse only | Reviewers and stakeholders |
Assigning roles
Section titled “Assigning roles”Navigate to Team in the dashboard sidebar. Add team members and assign the appropriate Studio role. Members inherit permissions from their role — there is no need to configure individual permissions manually.
Next steps
Section titled “Next steps”- API reference — Explore the Studio API for programmatic access to content and workflows
