Permissions

Permissions in BCMS allow fine-grained control over what each user can see and do within your organization. You can define who has access to which templates, media, and other resources, and what actions they’re allowed to perform (read, create, update, delete).


Who can manage permissions?

Only admins can:

  • Manage permissions for any user

  • Promote or demote users to/from admin

  • Create templates, widgets, groups, and API keys

Regular users can only interact with entries and media based on the permissions assigned to them by an admin.


Accessing permissions

To manage permissions:

  1. Go to the Settings page.

  2. Open the Team section.

  3. Click on a team member’s row.

  4. You'll see the Permission policy modal, where you can manage all access levels for that user.


Simple vs. Advanced View

There are two permission modes:

  • Simple view – A quick toggle for giving “full access” to an entire template or to media.

  • Advanced view – Granular controls for can get, can create, can update, and can delete.

Toggle Advanced view to switch between modes.


Media Permissions

You can grant users access to the Media Manager with:

  • Full access (simple view)

  • Or individual actions (advanced view): get, create, update, delete

This is particularly important if your app handles uploads, thumbnails, or renders media dynamically. If a user’s permissions doesn’t include media access, they won’t be able to fetch or manage files through the dashboard.


Template Permissions

Template permissions define what users can do with entries created from specific templates. For each template, you can allow:

  • Can get – View existing entries

  • Can create – Add new entries

  • Can update – Edit existing entries

  • Can delete – Remove entries

This gives you flexibility for setting roles like:

  • Content Editors: get, create, update

  • Reviewers: get only

  • Developers: get, possibly create for testing

You can also set these permissions per API key, which gives you full control over front-end, scripts, or automation tools.


Admin Rights

Admins have full access to everything in your organization and can:

  • View and edit all templates, entries, widgets, groups, media, and API keys

  • Manage team members and change their roles

  • Configure organization-level settings

You should grant admin rights sparingly and only to trusted team members.


Summary

  • Admin – Full access to everything. Can manage users, API keys, templates, widgets.

  • Regular User – Access only what has been granted. Can manage entries and media selectively.

Use permissions to separate concerns between content, development, marketing, and admin teams, while ensuring data safety and structured workflows.