Kontent.ai (Kentico Kontent) Roles & Permissions | OpsBlu Docs

Kontent.ai (Kentico Kontent) Roles & Permissions

Kontent.ai role system -- built-in and custom roles, content type permissions, environment access, and API key management.

Kontent.ai (formerly Kentico Kontent) provides a role-based access control system with environment-level permissions and content type restrictions.

Built-in Roles

Role Manage Project Manage Roles Content Types Create Content Publish Content Manage Assets
Project Manager Yes Yes Yes Yes Yes Yes
Content Manager No No No Yes Yes Yes
Content Creator No No No Yes No Yes
Reviewer No No No Read/Comment No Read

Project Manager

Full administrative control including user management, content type modeling, environment configuration, and all content operations.

Content Manager

Can create, edit, publish, and unpublish content items. Can manage assets. Cannot modify content types or project settings.

Content Creator

Can create and edit content but cannot publish. Items go through workflow for review and publishing.

Reviewer

Read-only access with commenting capability. Cannot create, edit, or publish content.

Custom Roles

Create custom roles via Project Settings > Roles > Create New Role:

// Custom role definition (conceptual - configured via UI)
{
  "name": "Analytics Editor",
  "permissions": {
    "content_types": {
      "landing_page": ["view", "create", "update"],
      "blog_post": ["view"],
      "analytics_config": ["view", "update"]
    },
    "asset_management": "view_only",
    "publishing": false,
    "project_settings": false
  }
}

API Key Types

# Delivery API (read-only, published content, safe for client-side)
curl "https://deliver.kontent.ai/v2/items" \
  -H "Authorization: Bearer YOUR_DELIVERY_KEY"

# Preview API (read-only, draft content, server-side)
curl "https://preview-deliver.kontent.ai/v2/items" \
  -H "Authorization: Bearer YOUR_PREVIEW_KEY"

# Management API (full CRUD, server-side only)
curl -X POST "https://manage.kontent.ai/v2/items" \
  -H "Authorization: Bearer YOUR_MGMT_KEY" \
  -H "Content-Type: application/json"
Key Type Read Published Read Drafts Write Manage Settings
Delivery Yes No No No
Preview Yes Yes No No
Management Yes Yes Yes Yes

Analytics Permissions

Since Kontent.ai is headless, analytics integration happens in your frontend. Use webhooks for content change notifications:

{
  "webhook_url": "https://your-app.com/api/kontent-webhook",
  "triggers": {
    "delivery_api_content_changes": ["publish", "unpublish"]
  }
}

Best Practices

  1. Use Content Creator role for writers and Content Manager for publishing authority
  2. Create custom roles to limit access to specific content types
  3. Use Delivery API keys on client-side, Management API keys only server-side
  4. Set up webhooks to trigger static site rebuilds and analytics updates on publish
  5. Leverage environment separation (Production, Preview, Development) for safe testing
返回顶部