TinaCMS Roles and Permissions Guide | OpsBlu Docs

TinaCMS access control -- Git-based permissions, Tina Cloud roles, and editorial workflow configuration.

TinaCMS is a Git-backed headless CMS. Its permission model depends on whether you use Tina Cloud (hosted) or self-hosted TinaCMS.

Tina Cloud Roles

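| Role   | Edit Content | Manage Schema | Manage Team | Admin Settings | Git Access     |
|--------|--------------|---------------|-------------|----------------|----------------|
| Admin  | Yes          | Yes           | Yes         | Yes            | Full           |
| Editor | Yes          | No            | No          | No             | Via Tina Cloud |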

Admin

Full control over the Tina Cloud project including team management, schema configuration, and content editing.

Editor

Can edit content through the Tina visual editor. Cannot modify the schema, manage team members, or access project settings.

Git-Based Permissions

Since TinaCMS stores content in Git, permissions also depend on your Git provider:

# Example: GitHub repository permissions affecting TinaCMS
# GitHub repo settings > Collaborators
#
# Admin: Can push to main, manage settings, deploy
# Write: Can push to branches, create PRs
# Read: Can view content, fork for PRs
#
# TinaCMS editorial workflow creates PRs for content changes
# when editors don't have direct push access to main

Schema-Level Access Control

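TinaCMS defines content models in tina/config.ts. Access is scoped per collection: the comments in the config below mark the intended audience for each collection, and the restriction on the settings collection is enforced outside the schema, through Git branch protection: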

// tina/config.ts
import { defineConfig } from 'tinacms';

export default defineConfig({
  branch: process.env.NEXT_PUBLIC_TINA_BRANCH || 'main',
  clientId: process.env.NEXT_PUBLIC_TINA_CLIENT_ID!,
  token: process.env.TINA_TOKEN!,
  build: {
    outputFolder: 'admin',
    publicFolder: 'public',
  },
  schema: {
    collections: [
      {
        name: 'post',
        label: 'Blog Posts',
        path: 'content/posts',
        // All editors can access this collection
        fields: [
          { type: 'string', name: 'title', label: 'Title', isTitle: true, required: true },
          { type: 'rich-text', name: 'body', label: 'Body', isBody: true },
        ],
      },
      {
        name: 'settings',
        label: 'Site Settings',
        path: 'content/settings',
        // Only admins should edit this (enforced via Git branch protection)
        fields: [
          { type: 'string', name: 'ga_id', label: 'GA4 Measurement ID' },
          { type: 'string', name: 'gtm_id', label: 'GTM Container ID' },
        ],
      },
    ],
  },
});

Analytics Permissions

Analytics configuration in TinaCMS is typically a content field that editors can modify, or a code-level configuration that requires developer access:

// Use a "settings" collection to let admins configure analytics via the CMS
// Then reference it in your site template

Best Practices

  1. Use Git branch protection to enforce review workflows for content changes
  2. Store analytics configuration as a TinaCMS collection field for admin-managed values
  3. Use Tina Cloud's Editor role for content-only contributors
  4. Keep schema changes (tina/config.ts) restricted to developers with Git write access
  5. Enable the editorial workflow for PR-based content review
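
The restriction on the settings collection and on tina/config.ts is applied on the Git side, so one way to back it up is a CI check over the files a pull request changes. The following is an added example, not TinaCMS or Tina Cloud code: the function names, the policy table and the sample file list are assumptions, and how the CI job obtains the author's repository permission level is left to the caller.

```typescript
// Added example: path guard for a TinaCMS repository (hypothetical helper names).
type GitPermission = 'read' | 'write' | 'admin';

// Assumed policy, derived from the comments in tina/config.ts and the best
// practices list: settings content is admin-only, schema changes need write.
const PROTECTED_PATHS: { prefix: string; minimum: GitPermission }[] = [
  { prefix: 'content/settings', minimum: 'admin' },
  { prefix: 'tina', minimum: 'write' },
];

const RANK: Record<GitPermission, number> = { read: 0, write: 1, admin: 2 };

// Collapse "./", "../", duplicate and Windows separators so that
// "content/posts/../settings/site.json" cannot slip past the prefix test.
function normalizeRepoPath(raw: string): string {
  const out: string[] = [];
  for (const part of raw.replace(/\\/g, '/').split('/')) {
    if (part === '' || part === '.') continue;
    if (part === '..') out.pop();
    else out.push(part);
  }
  return out.join('/');
}

// Segment-aware match: "content/settings-archive/x" is not under "content/settings".
function isUnder(path: string, prefix: string): boolean {
  return path === prefix || path.startsWith(prefix + '/');
}

// changedFiles should list both the old and the new name of renamed files.
function findViolations(changedFiles: string[], actor: GitPermission): string[] {
  const violations: string[] = [];
  for (const raw of changedFiles) {
    const path = normalizeRepoPath(raw);
    for (const rule of PROTECTED_PATHS) {
      if (isUnder(path, rule.prefix) && RANK[actor] < RANK[rule.minimum]) {
        violations.push(`${path} requires ${rule.minimum}, actor has ${actor}`);
      }
    }
  }
  return violations;
}

// Constructed sample: file list of a content pull request.
const samplePr = [
  'content/posts/hello.md',
  'content/posts/../settings/site.json',
  'content/settings-archive/old.json',
  'tina/config.ts',
];
console.log(findViolations(samplePr, 'write'));
```

A CI job would fail the pull request when the returned list is non-empty, which keeps the review requirement on protected paths even when a change arrives through the editorial workflow.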