Tailor now supports permissions +more

With the latest release of v3.0, Tailor blueprints automatically include permissions to manage their content. As a result of this work, the general permission structure has also been improved.

See the Permissions documentation for more details:

Nested Permissions

Permission codes support a nested structure to provide a cleaner interface when selecting permissions. To nest a permission code the “dot” value must be a direct descendant of its parent and unlimited nesting is supported.

In the following example, the manage_entries permission must be granted for the manage_entries.create and manage_entries.publish codes to become available. Visually it is represented like this:

├── manage_entries
|   ├── manage_entries.create
|   └── manage_entries.publish
└── delete_entries

Role Hierarchy

Each role is assigned a ranked position in the backend panel, represented as the sort_order column in the database. This allows a basic organisational structure to be established where users can only manage roles lower than their own role.

In the following example, the Senior Editor can manage all the users, outranking Staff Writer and Fact Checker roles. Whereas, the Fact Checker role cannot see users or manage permissions above them, in the Staff Writer and Senior Editor roles.

  1. Senior Editor
  2. Staff Writer
  3. Fact Checker

If the Manage Admins → Manage Roles permission is granted, users can manage their own users, permissions and roles existing below their current role.


Hey OctoberCMS Team.

So I love the permissions setup! But the media permissions aren’t working no matter how much I try. I’m viewing the permissions part in the “view as role” part of the backend.

1 Like

Hey @artistro08, you’re right. Looks like the permissions were not being checked correctly. It should be fixed in v3.0.39, some more media focused permissions have been added as well.



Sometimes users ask me, if it would be possible to restrict access to editable content for the creator. Maybe it’s interesting to see in Tailor. For example:

User Tim can create new posts and edit the post where he is “author”.

This would add the ability to directly let guest authors into the backend. Just an idea, not sure if this can be a quick-win with the new permission model.

1 Like

Great! We have this idea on our internal tracker too so you can expect it to appear in the near future.