Product roles are organization-level roles that control access within a specific Contentstack product, such as the CMS, Assets, or Administration. While Administration roles govern the organization itself, product roles determine what a user can do inside each product they are assigned.
Contentstack provides out-of-the-box product roles for every product. You assign these roles during the user invitation flow, and you can extend them with custom roles when the default roles do not match your access requirements.
A user's effective permissions within a product are determined by the product role assigned at the organization level, combined with any project-level roles assigned for the stacks, spaces, or other projects they can access.
Organization-level product roles set product-wide capabilities. Project-level roles refine access within an individual stack, space, or other projects. Assigning both gives you centralized control with granular, per-project access.
The CMS provides three default organization-level roles.
Assets provides three default organization-level roles.
Additional Resource: For a detailed explanation of how Assets applies roles at the product and space levels, refer to the About Assets Roles documentation.
When the default roles do not match a team's responsibilities, you can create custom organization-level roles for a product through Administration. Custom roles let you select specific permission categories and actions, such as View, Create, Edit, or Delete.
Note: Only organization-level (product-level) custom roles can be created through Administration. Project-level custom roles must be created from the respective project or its per-product settings page.
Additional Resource: To create a custom organization-level role, refer to the Create Custom Roles documentation.