Skip to content

Permissions and roles

Studio uses role-based access control to manage who can browse, edit, and manage content. Permissions are assigned via roles at the organisation level, giving you fine-grained control over what each team member can do across your Studio projects.

Each permission controls access to a specific set of Studio capabilities. Roles are composed of one or more of these permissions.

Permission Description
browse_studio View collections, entries, media, branches, pull requests, commits, deployments, schemas, and the project file tree
edit_studio Create and update entries, upload media, create branches, create and merge pull requests, detect route patterns, and use the AI assistant inside Studio
delete_studio Delete entries and media files
manage_studio Create and delete preview environments and refresh the cached schema

The Studio HTTP API enforces a matching set of token scopes alongside the user permission. To call the API you need a token whose scopes cover both the role granted to the calling user and the action being attempted.

Token scope Pairs with permission Grants
studio:read browse_studio All GET endpoints — list/read collections, entries, media, branches, pull requests, commits, deployments, schema, file tree, and single files
studio:write edit_studio Create and update entries, upload media, create branches, merge branches, create and merge pull requests, detect route patterns
studio:delete delete_studio Delete entry and media endpoints
studio:admin manage_studio Create and delete environments, refresh schema

Studio ships with four built-in roles that cover the most common team structures. Each role bundles the permissions listed above into a sensible default.

Role Permissions Best for
Organisation Owner All permissions Full platform access
Organisation Admin All permissions Team administrators
Studio Editor Browse, edit, delete Content creators and developers
Studio Read Only Browse only Reviewers and stakeholders

Navigate to Team in the dashboard sidebar. Add team members and assign the appropriate Studio role. Members inherit permissions from their role — there is no need to configure individual permissions manually.

  • API reference — Explore the Studio API for programmatic access to content and workflows