Permissions


Introduction

Permissions are used to manage access to specific resources, such as pages, templates, projects, assets,… Permissions are assigned to user groups, meaning that permissions apply to the members of the user group. As users can be member of multiple user groups, you can create a detailed permission scheme for your installation. Just keep in mind that it is not possible to grant permissions to a specific user.

Permissions inside Kadanza are layered, so you can meticulously craft a fine-grained permission scheme to match your needs.

Permission layers

On a first level, permissions are defined by a user’s role. Users that have the Admin role can access the Admin console and change the configuration of the installation. Aside from the admin console, these users can also manage content in the Core (create pages, add content to pages, set permissions on pages,…). The spaces and pages these admins can access is managed by their assigned user groups. So an admin does has full access by default, his assigned groups determine what he can see and do in Kadanza outside of the Admin console.

Users with the User role don’t have access to the Admin console or the page editor. Their permissions are defined by the assigned user groups.


ℹ️ We are currently working on adding more roles and specific content admin permissions that allow you to fine-grain admin permissions in the Admin console.

Core (CMS)

Permissions in Kadanza Core are pretty straightforward. You can define whether a user in a given user group is allowed to access pages and components on those pages.

By default, pages are visible for any user that has access to the space. By adding one or more user groups to a page/folder, you can limit page/folder visibility to the assigned groups. Once access rights have been set on a folder, all subpages will inherit these access rights. When additional access rights are required, you can update the subpage. Keep in mind that when a user is not allowed to see a folder, none of the subpages will be available, even when specific permissions are set on the subpage.

Other extensions, such as GraFx and Assets, also come with their own permission settings. Keep in mind that since these extensions are placed on a page, the user permissions assigned to such pages will affect the visibility of the extension. By aligning the permission settings for the visibility of pages, content elements, and extensions, you can create a single and smart permission scheme.

ℹ️ Read more about Assets and Layouts permissions here, more detailed information on GraFx permissions can be found here.

Global permissions

As of Q1 2026, Kadnaza is rolling out a global permission system to add more flexibility to the existing permissions. By creating permission groups and combining user groups and fields, admins can create more flexible permission schemes and avoid limitations based on user group assignment caused by restrictive corporate identity providers.

Global Permissions in Kadanza allow organizations to control who can see and perform actions on content resources across the platform. Permissions are managed through Permission Groups, which are assigned to user groups and define access rules for different resources such as Templates, Projects, Production Channels, and Production Outputs.

1. Permissions Overview Page

The Permissions page (Settings → Permissions) shows all configured Permission Groups in your organization.

What You See in the Overview

Each row represents a Permission Group and includes:

  • User Group – The group this permission applies to (e.g., Global Manager, Region Manager).
  • Weight – Priority level (higher number = higher priority).
  • Resource Configurations – A summary of which resources are configured and how many rules apply.

Example Permission Groups

Typical examples may include:

  • Global Manager
  • Region Manager
  • Hotel Manager
  • Restaurant Manager
  • Print Companies
  • Local Teams

Each group can have different levels of access to:

  • Templates
  • Projects
  • Production Channels
  • Production Outputs

Key Actions

  • Add permission group – Create a new rule set.
  • Test permissions – Validate how permissions apply to a specific user.
  • Click a group to edit its configuration.

2. What Is a Permission Group?

A Permission Group defines:

  1. Which User Group it applies to
  2. Which Resources are controlled
  3. Which Actions are allowed
  4. Any field-based visibility rules
  5. Its priority (weight)

Keep in mind: permissions are always assigned to user groups — not individual users.

3. Editing a Permission Group

User Group

Defines which user group this permission applies to.

Weight (Higher = Higher Priority)

This determines which permission rule takes precedence if a user belongs to multiple groups.

Example:

  • Global Manager → Weight 100
  • Region Manager → Weight 90

If a user belongs to both groups, the rule with weight 100 will override the other. So make sure that you can cover all permissions in one group, and you don’t need to assign multiple groups to cover all permissions for a certain user profile.

4. Content Resources

Each Permission Group can define rules for multiple resources.

Supported Resources

  • Template
  • Project
  • Production Channel
  • Production Output

Each resource can be configured independently.

5. Field-Based Visibility Rules

Kadanza supports field-based access control (see “Fields” for more information on creating and managing fields).

This allows you to restrict visibility based on specific fields of type usergroup, such as:

  • Region
  • Brand
  • Business Unit
  • Market
  • Any configured user group type field

Example

For the Project resource:

  • Region = “All values” → user can see all projects that have any region assigned
  • Region = “EMEA only” → user only sees project with the EMEA region assigned

This ensures users only see relevant content.

If no fields are configured, the rule applies to all items of that resource.

6. Allowed Actions

Each resource has specific actions that can be enabled.

Template Actions

  • View
  • Create
  • Update
  • Delete
  • Publish

Project Actions

  • View
  • Create
  • Update
  • Delete
  • Approve
  • Output

Production Channel Actions

  • View
  • Create
  • Update
  • Delete

Production Output Actions

  • View
  • Create
  • Update
  • Delete
  • Approve

Only the selected actions will be available to users in that group.

7. How Permission Priority (Weight) Works

If a user belongs to multiple User Groups:

  • Kadanza evaluates all applicable Permission Groups.
  • The group with the highest weight determines the final access level in case of conflicts.

Best Practice

  • Assign higher weights to broader/global roles.
  • Assign lower weights to local or restricted roles.
  • Avoid overlapping rules where possible.

8. How Permissions Are Evaluated

When a user logs in:

  1. Kadanza identifies all the user groups the user belongs to.
  2. All matching permission groups are evaluated.
  3. The highest-weight rule wins in case of conflict.
  4. Field-based filters determine which items are visible for a user.
  5. Allowed actions determine what the user can do.

9. Best Practices

✔ Use clear naming conventions for Permission Groups

✔ Keep Global roles at higher weight

✔ Use field-based rules instead of creating too many groups

✔ Regularly test permissions using the Test permissions button

✔ Document your permission structure internally

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles