--- title: "Permissions" slug: "permissions" updated: 2026-04-23T10:26:58Z published: 2026-04-23T10:26:58Z canonical: "documentation.deltatre.com/permissions" --- > ## Documentation Index > Fetch the complete documentation index at: https://documentation.deltatre.com/llms.txt > Use this file to discover all available pages before exploring further. # Permissions In this article, we cover the FORGE capability of assigning permissions to your editorial team. --- ## Overview FORGE works with two levels of permissions: - Action level: What users can do based on the assigned roles. - Visibility level: What users can see based on authorization groups. Authorization groups enable editorial entities — in the FORGE Back Office — and folders and pages — in the Page Builder. Explore [collaborative and tenanted modes](/v1/docs/folders-and-pages#Foldersandpages-Collaborativeandtentantedmodes): Based on the active mode, editorial team members either see or don't see folders and pages they aren't authorized to modify. ## Action-level permissions At the action level, permissions — corresponding to allowed actions — are assigned to users through roles. Roles are either *system* (out-of-the-box and not editable), or *custom*, (created to fit specific needs by leveraging the set of permissions that each app provides). ### Roles explained The **Applications** page lists the apps you can access. Select the vertical three dots to view options and manage roles: ![](https://cdn.document360.io/2e698e3c-4773-44a4-9476-1d05bac85eee/Images/Documentation/image(475).png) The *View Roles* page: ![](https://cdn.document360.io/2e698e3c-4773-44a4-9476-1d05bac85eee/Images/Documentation/image(476).png) Each role has a set of permissions. Each permission is described inside its app. The picture above shows some permissions available in FORGE Back Office. There are system roles — that are out-of-the-box and not editable — and custom roles, like *Contributor*, that you can create to fit your needs. #### Reference scenario Imagine you want to create the following roles for your project: - **Staff editor**: They can create and manage their content in English and define its taxonomy. - **Freelance editor**: They can create and manage their content in French. - **Reviewer**: They can approve the submitted content, change its taxonomy, and publish it. - **Producer**: They can define and control the presentation of the content. ### Assigning roles Once you have defined the roles you need, assign them to the members of your editorial team. The list of users — the editorial team members — is accessible from **Applications → Users:** ![](https://cdn.document360.io/2e698e3c-4773-44a4-9476-1d05bac85eee/Images/Documentation/image(478).png) ## Visibility level permissions At the visibility level, permissions are assigned directly to users. ### Authorization groups explained #### FORGE Back Office In **FORGE → Administration → Configurations → Authorization groups**, create the authorization groups with a description of the content the group can view: ![](https://cdn.document360.io/2e698e3c-4773-44a4-9476-1d05bac85eee/Images/Documentation/21560135867164.png) #### Reference scenario Imagine you want to distinguish the content for *website* and *app*; you'll create two authorization groups: - *content*-*website*: It authorizes viewing content for *website*. - *content*-*app*: It authorizes viewing content for *app*. #### Page Builder In **Page Builder → Authorization Groups**, create your authorization groups. For each authorization group, set which modules, layouts, and pages it makes visible to users who have it assigned: ![](https://cdn.document360.io/2e698e3c-4773-44a4-9476-1d05bac85eee/Images/Documentation/11850714948124.png) In the *Site Items* tab, see which site items require the authorization group — e.g., *presentation-website* — to be visible within the site structure. Site items include pages, folders, and menus. ![](https://cdn.document360.io/2e698e3c-4773-44a4-9476-1d05bac85eee/Images/Documentation/11850675146652.png) #### Reference scenario Imagine you want to distinguish the presentation for *website* and *app*; create two authorization groups: - ***presentation*-*website***: It allows using only the layouts and modules for *website* and accessing only the *website* folder. - ***presentation*-*app***: It enables viewing and use of only the layouts and modules for *app* and accessing only the *app* folder. ### Assigning authorization groups #### FORGE Back Office In *FORGE → Assign Authorization Groups*, assign the authorization groups to every user and set whether the visibility enables actions or is read-only. For administrator users, administrators can see whether the user can or cannot make their content visible to everyone and the authorization groups they have. ![](https://cdn.document360.io/2e698e3c-4773-44a4-9476-1d05bac85eee/Images/Documentation/21560135869596.png) For non-administrator users, administrators can: - Set whether the user can or cannot make their content visible to everyone. ![](https://cdn.document360.io/2e698e3c-4773-44a4-9476-1d05bac85eee/Images/Documentation/21560135870876.png) - Assign authorization groups. ![](https://cdn.document360.io/2e698e3c-4773-44a4-9476-1d05bac85eee/Images/Documentation/21560135871644.png) #### Reference scenario Imagine you want your - Staff editors Anne, Bill, and Carol to view and act on the *website* content - Freelance editors Dan, Emily, and Frank to view and work on the *app* content - Reviewer Luca views and acts on *website* and *app* content You'll assign - Authorization group *content*-*website* to Anne, Bill, and Carol - Authorization group *content*-*app* to Dan, Emily, and Frank - Authorization groups *content*-*website* and *content*-*app* to Luca #### Page Builder Under *Page Builder → Authorization Groups*, assign user authorization groups. #### Reference scenario Let's design the following permissions scenario: - Producer Henry has to develop the presentation of *website* - Producer Ilary has to develop the presentation of *app* - Producer Luca has to check the presentation of *website* and *app* You'll assign: - Authorization group *presentation*-*website* to Henry - Authorization group *presentation*-*app* to Ilary - Authorization groups *presentation*-*website* and *presentation*-*app* to Luca