Ghost Roles and Permissions

Ghost provides a role-based access control system for managing staff who create content, manage settings, and administer the site. Understanding the permission levels is critical for secure, efficient Ghost site management.

Ghost Role Hierarchy

Ghost has five primary staff roles with decreasing levels of access:

1. Owner - Full control, billing access, dangerous operations
2. Administrator - Site management, user invitations, integrations
3. Editor - Content management, publishing, scheduling
4. Author - Create and publish own content
5. Contributor - Write draft content only

Detailed Role Permissions

Owner (Highest Privilege)

The Owner has unrestricted access to all Ghost features and is the only role with billing and deletion capabilities.

Core Permissions:

• All Administrator permissions (below)
• Access billing and subscription management
• Delete the entire Ghost site
• Transfer site ownership to another user
• Manage Ghost(Pro) plan upgrades/downgrades
• Access dangerous settings (permanent data operations)

Access to:

• Settings → General (full access)
• Settings → Membership (full access)
• Settings → Email (full access)
• Settings → Code Injection (full access)
• Settings → Integrations (full access)
• Settings → Labs (full access)
• Settings → Billing (exclusive)
• All content operations

Limitations:

• Only one Owner per Ghost site
• Owner role cannot be removed, only transferred
• Requires two-factor authentication (recommended)

Best Practices:

• Reserve Owner for CEO, CTO, or designated technical lead
• Enable 2FA on Owner account
• Document Owner credentials in secure password manager
• Plan for ownership transfer in case of employee departure
• Never share Owner credentials

When to Use Owner:

• Initial Ghost setup and configuration
• Billing and plan management
• Critical infrastructure changes
• Site migration or deletion
• Integration of third-party services requiring API keys

Administrator

Administrators manage day-to-day operations, staff, and site configuration but lack billing and destructive capabilities.

Core Permissions:

• Invite and manage all staff roles (except Owner transfer)
• Modify site settings (except billing)
• Manage themes and design
• Access code injection
• Configure integrations and webhooks
• Manage tiers and membership settings
• Publish, edit, and delete all content
• Access analytics and reporting
• Manage tags and internal routing

Access to:

• Settings → General (read/write)
• Settings → Membership (read/write)
• Settings → Email (read/write)
• Settings → Design (read/write)
• Settings → Code Injection (read/write)
• Settings → Integrations (read/write)
• Settings → Labs (read/write)
• Settings → Staff (manage users)
• All posts, pages, and content

Cannot Access:

• Settings → Billing
• Site deletion
• Owner transfer
• Ghost(Pro) plan changes

Best Practices:

• Assign to technical leads, CMO, or senior editors
• Limit to 2-3 trusted administrators
• Enable 2FA for all Administrator accounts
• Document changes in shared team notes
• Review Administrator activity quarterly

When to Use Administrator:

• Managing editorial team (inviting/removing staff)
• Implementing tracking codes (GA4, Meta Pixel)
• Configuring email newsletters
• Managing membership tiers and pricing
• Activating or modifying themes
• Setting up integrations (Stripe, Zapier, webhooks)

Common Administrator Tasks:

# Ghost Admin → Settings → Staff
# 1. Invite new author
#    Email: author@company.com
#    Role: Author

# Ghost Admin → Settings → Design
# 2. Upload custom theme
#    Upload theme ZIP, activate

# Ghost Admin → Settings → Code Injection
# 3. Add GA4 tracking
#    Site Header: <script>gtag(...)...</script>

Editor

Editors manage content and editorial workflows but cannot modify site settings or manage users.

Core Permissions:

• Create, edit, publish, and delete all posts and pages
• Manage content scheduling
• Assign content to authors
• Manage tags
• Upload and manage media (images, files)
• Access content analytics
• Edit other authors' drafts and published content
• Feature posts on homepage

Access to:

• Posts (all posts, full access)
• Pages (all pages, full access)
• Tags (create, edit, delete)
• Media library (upload, organize, delete)
• Content settings (publish settings, URL, excerpt, etc.)

Cannot Access:

• Settings menu (any section)
• Staff management (cannot invite or remove users)
• Theme or design changes
• Code injection
• Integrations and webhooks
• Billing or ownership

Best Practices:

• Assign to managing editors, content leads
• Ideal for editorial oversight role
• Can coordinate multi-author publications
• Monitor Editor actions via Ghost activity log
• Grant Editor for content quality control

When to Use Editor:

• Managing editorial calendar
• Reviewing and publishing author submissions
• Coordinating content across multiple authors
• Ensuring content quality and consistency
• Scheduling posts for optimal timing

Editor Workflow Example:

1. Author submits draft post (status: Draft)
2. Editor reviews content
3. Editor adds tags, feature image, excerpt
4. Editor schedules post for publication
5. Post auto-publishes at scheduled time

Author

Authors create and manage their own content but cannot edit others' work or access settings.

Core Permissions:

• Create and edit own posts and pages
• Publish own content immediately
• Delete own unpublished drafts
• Schedule own posts
• Upload media for own posts
• Manage own profile
• View own content analytics

Access to:

• Own posts (create, edit, publish, delete drafts)
• Own pages (create, edit, publish, delete drafts)
• Own media uploads
• Own profile settings
• Content editor

Cannot Access:

• Others' posts or pages (read-only view)
• Settings menu
• Staff management
• Tags (can select existing tags, cannot create/modify)
• Site-wide analytics
• Published content deletion (requires Editor+)

Limitations:

• Cannot edit others' content
• Cannot delete own published posts (only drafts)
• Cannot create or modify tags
• Cannot access site settings
• No user management capabilities

Best Practices:

• Assign to regular content creators, bloggers, writers
• Ideal for freelance contributors with established trust
• Authors should submit drafts for Editor review if quality control needed
• Monitor author activity for policy compliance

When to Use Author:

• Trusted content creators
• Staff writers with publishing autonomy
• Subject matter experts contributing regularly
• Team members creating help documentation

Author Workflow:

1. Create new post
2. Write content in Ghost editor
3. Add title, excerpt, feature image
4. Select tags (from existing tags)
5. Publish immediately or schedule
6. View own analytics

Contributor (Lowest Privilege)

Contributors can write content but cannot publish. All work requires Editor or Admin approval.

Core Permissions:

• Create draft posts and pages
• Edit own drafts
• Upload media for own drafts
• Manage own profile
• View own draft analytics

Access to:

• Own drafts only (create, edit)
• Media uploads (for own content)
• Profile settings

Cannot Access:

• Publish button (all content requires approval)
• Others' posts or drafts
• Published content (even own)
• Settings menu
• Staff management
• Tags (can select, cannot create)
• Site-wide analytics

Limitations:

• Cannot publish - Editor or Admin must publish
• Cannot schedule posts
• Cannot delete published content
• No access to site settings
• Cannot manage other users

Best Practices:

• Assign to new writers, guest contributors, freelancers
• Ideal for untrusted or trial contributors
• Require Editor review before publication
• Use for quality control workflows
• Transition to Author after trust established

When to Use Contributor:

• Guest bloggers
• Freelance writers (untrusted or new)
• Interns or junior staff
• Trial contributors
• External experts providing one-off content

Contributor Workflow:

1. Create new post (automatically Draft)
2. Write content
3. Submit for review (notify Editor)
4. Editor reviews and publishes or requests changes
5. Contributor cannot see published version (limited access)

Ghost Members vs. Staff

Important Distinction:

• Staff Roles (Owner, Admin, Editor, Author, Contributor) - Access Ghost Admin (/ghost)
• Members - Front-end subscribers, no Ghost Admin access

Members are end-users who subscribe to your Ghost site. They can:

• Sign up via Ghost Portal
• Access member-only or paid content (based on tier)
• Subscribe to newsletters
• Comment on posts (if enabled)
• Manage subscription and payment details

Staff are administrators and content creators with Ghost Admin access.

Permission Matrix

Role Selection Guidelines

Choose Owner When:

• Responsible for billing and subscription
• Managing infrastructure and hosting
• Full accountability for site operations
• Performing site migration or deletion

Choose Administrator When:

• Managing editorial team and staff
• Configuring integrations and tracking
• Overseeing membership and tiers
• Handling technical site configuration
• Not requiring billing access

Choose Editor When:

• Managing content quality and publishing
• Coordinating multi-author workflows
• Reviewing and approving submissions
• Not requiring settings or user access

Choose Author When:

• Creating content independently
• Publishing without oversight
• Trusted to maintain brand voice
• Not editing others' content

Choose Contributor When:

• New or untrusted writers
• Guest bloggers or freelancers
• Content requires review before publishing
• Trial period for new staff

Security Best Practices

Role-Based Security

1. Principle of Least Privilege

   • Grant minimum role needed for job function
   • Regularly review and downgrade over-privileged users
   • Remove unused accounts quarterly

2. Two-Factor Authentication

   • Required for: Owner, Administrator
   • Recommended for: Editor, Author
   • Enable: Settings → Staff → User Profile → Enable 2FA

3. Role Audits

   • Monthly review of all staff accounts
   • Verify roles match current responsibilities
   • Document role changes with justification

4. Access Logs

   • Monitor Ghost activity log (Settings → History)
   • Review admin actions monthly
   • Investigate suspicious activity immediately

Ghost(Pro) vs. Self-Hosted

Ghost(Pro):

• Staff management via Ghost Admin only
• No direct server or database access
• Roles enforced by Ghost application layer
• SCIM/SSO available on higher plans

Self-Hosted:

• Direct MySQL/database access possible (bypasses roles)
• Server-level access for Owner equivalent
• Must secure database to enforce Ghost roles
• Can implement custom authentication via Ghost API

Common Role Scenarios

Scenario 1: Small Team (1-3 people)

• 1 Owner - Founder/CEO
• 1 Administrator - CTO or technical lead
• 1-2 Authors - Content creators

Scenario 2: Medium Publication (5-10 people)

• 1 Owner - CEO or designated technical owner
• 2 Administrators - CTO, CMO
• 2 Editors - Managing editors
• 5 Authors - Staff writers

Scenario 3: Large Publication (10+ people)

• 1 Owner - CEO
• 2-3 Administrators - CTO, CMO, Operations
• 3-5 Editors - Editorial leads, section editors
• 10+ Authors - Staff and regular writers
• 5+ Contributors - Freelancers, guest writers

Next Steps

• Adding and Removing Users - Manage Ghost staff
• User Management Overview - User governance and access control
• Ghost Integrations - Configure tracking and tools

Related Resources

• Ghost Staff Documentation
• Ghost Security Best Practices
• Two-Factor Authentication Setup