Tinacms User Management: Roles and Permissions | OpsBlu Docs

Tinacms User Management: Roles and Permissions

Manage user roles, permissions, and team access in TinaCMS — step-by-step admin guide.

This section covers user management, roles, and permissions for Tina CMS and associated analytics tools.

Overview

Tina CMS is a headless platform offering user management capabilities for controlling access primarily through API keys and developer credentials. Understanding the user roles, permissions, and access control mechanisms is essential for maintaining security.

As a headless CMS, Tina CMS focuses on API-first access control, emphasizing developer credentials, API key management, and programmatic authentication over traditional content editor roles.

Platform User Management

User Roles and Permissions

Tina CMS provides several user roles:

Administrator

  • Full access to all platform features
  • User and account management
  • System configuration
  • Complete control over content and settings

Editor

  • Create, edit, and publish content
  • Media management
  • Limited system access
  • No user management

Contributor/Author

  • Create and edit own content
  • Approval required for publishing
  • Limited permissions

API Access Roles

  • Developer: Full API access
  • Read-only: Query access only
  • Write access: Content creation via API
  • Environment-specific keys (dev/staging/production)

Accessing User Management

Access user management through:

  1. Log in to admin panel/dashboard
  2. Navigate to Settings or Users section
  3. Manage users, roles, and permissions

Adding and Inviting Users

Creating Users

  1. Access user management
  2. Click Add/Invite User
  3. Enter email and details
  4. Assign role
  5. Send invitation
  6. User completes setup

API Key Management

  1. Generate API key
  2. Set permissions (read/write)
  3. Configure environment
  4. Secure key storage
  5. Implement rotation schedule

Role Assignment

Assign roles by:

  1. Selecting user account
  2. Choosing appropriate role
  3. Configuring permissions
  4. Saving changes

Security Recommendations

Authentication

  1. Strong password policies (12+ characters)
  2. Enable 2FA for all users
  3. Session timeouts
  4. HTTPS only
  5. API key rotation
  6. Rate limiting

Access Control

  1. Principle of least privilege
  2. Regular access audits
  3. Remove inactive accounts
  4. Monitor access logs

Best Practices

  1. Individual accounts (no sharing)
  2. Document all access
  3. Review quarterly
  4. Secure credential storage

Common Issues

Cannot Login

  • Verify credentials
  • Check account status
  • Reset password
  • Clear browser cache

Missing Permissions

  • Verify role assignment
  • Check permission configuration
  • Contact administrator

API Access Issues

  • Verify API key validity
  • Check rate limits
  • Confirm permissions
  • Review endpoint access

Analytics Tool Access

Google Analytics 4

Manage GA4 access in Admin > Account/Property Access Management:

  • Administrator: Full control
  • Editor: Modify configurations
  • Analyst: Create reports
  • Viewer: Read-only access

Google Tag Manager

Manage GTM access in Admin > User Management:

  • Administrator: Full control
  • Publish: Publish changes
  • Approve: Approve changes
  • Edit: Edit tags/triggers
  • Read: View only

Meta Business Manager

Manage access in Business Settings > People:

  • Admin: Full control
  • Employee: Limited access

Best Practices

User Management Strategy

  1. Principle of Least Privilege

    • Grant minimum required access
    • Review permissions regularly
    • Remove unnecessary access

  2. Regular Audits

    • Review accounts quarterly
    • Verify role assignments
    • Document findings

  3. Separate Accounts

    • Individual accounts for each user
    • No shared credentials
    • Clear accountability

  4. Document Access

    • Maintain user registry
    • Track access changes
    • Include contact info

Onboarding

  1. Identify appropriate role
  2. Create account
  3. Provide training
  4. Review after 30 days

Offboarding

  1. Disable account immediately
  2. Transfer content ownership
  3. Remove external access
  4. Document removal

Security Maintenance

  1. Keep platform updated
  2. Monitor access logs
  3. Regular backups
  4. Test recovery procedures

API Security

  1. Rotate keys regularly (90 days)
  2. Use environment-specific keys
  3. Monitor API usage
  4. Implement rate limiting
  5. Secure key storage

By implementing these practices, you can maintain secure and efficient access control for Tina CMS installations and analytics tools.

Back to top