Roles
A role is a named bundle of Permissions. Users are assigned one or more roles; their effective permissions are the union of every role they hold.
Roles are the primary unit of authorization in GeoHazardWatch. The per-page rules (Page Private, Author Lock, Page Audience, access) act as overrides on top of the role-based defaults supplied by the global access policies.
Live Role Catalog
The table below is rendered from the live configuration at view time — it reflects the roles configured on this instance right now, not a hand-maintained list.
Available Roles
System and user-defined roles

| Role Name | Display Name | Description | Type | Icon |
|---|---|---|---|---|
| admin | Administrator | Full system access to all features | System | |
| anonymous | Anonymous | Public access without authentication | System | |
| contributor | Contributor | Can create and edit pages | System | |
| editor | Editor | Can create, edit, delete, and rename pages | System | |
| member | Member | Community member — same read access as reader, placeholder for community-specific permissions | System | |
| reader | Reader | Read-only access to content | System | |
| user-admin | User Administrator | Can manage users — create, edit, deactivate, delete | System | |
Reading the Table
- Role Name — the lowercase identifier used in code, configuration, and the audience/access frontmatter fields
- Display Name — how the role appears in admin UI
- Description — short summary of what the role is for
- Type — System roles are defined by GeoHazardWatch itself and cannot be removed; Custom roles are operator-defined
- Icon — the icon used wherever the role is rendered in the UI
How Roles Connect to Permissions
Each role lists a set of Permissions it grants. The mapping is defined in two places, both in the application configuration:
- ngdpbase.roles.definitions.<role>.permissions — the inline list on each role definition
- ngdpbase.access.policies — the global access policies that grant each role its permissions on the page:* resource
When evaluating whether a user may perform an action on a page, the access-control flow is:
- Tier 0 — if the page is marked Private (private: true), only the page creator and admins are allowed; everything below is ignored. See Page Private.
- Tier 1 — if the page has a per-page override (audience or access), use it. See Page Audience.
- Tier 2 — fall back to the role-based global access policies (the catalog above).
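The three-tier evaluation above, as an added JavaScript sketch (not GeoHazardWatch's own code). The permission keys, the user and page object shapes, the anonymous default, and treating audience as a non-empty list of role names that governs view access only are all assumptions made for illustration; the access field and Author Lock are not modelled.

```javascript
// Added illustration, not GeoHazardWatch code. Permission keys and object shapes are assumptions.
// Constructed stand-in for the role-based global access policies (Tier 2).
const ROLE_PERMISSIONS = new Map([
  ['admin', ['page:read', 'page:edit', 'page:delete']],
  ['editor', ['page:read', 'page:edit', 'page:delete']],
  ['contributor', ['page:read', 'page:edit']],
  ['member', ['page:read']],
  ['reader', ['page:read']],
  ['anonymous', ['page:read']],
]);

// Effective permissions are the union over every role the user holds.
function effectivePermissions(roles) {
  const perms = new Set();
  for (const role of roles) {
    for (const p of ROLE_PERMISSIONS.get(role) ?? []) perms.add(p); // unknown role grants nothing
  }
  return perms;
}

// Returns { allowed, tier } so the caller can log which tier decided the request.
function evaluate(user, page, action) {
  // Assumption: a user with no roles is treated as holding only "anonymous".
  const roles = user.roles && user.roles.length ? user.roles : ['anonymous'];

  // Tier 0: private page. Only the creator and admins pass; lower tiers are never consulted.
  if (page.private === true) {
    const isCreator = user.name != null && user.name === page.creator;
    return { allowed: isCreator || roles.includes('admin'), tier: 0 };
  }
  // Tier 1: per-page audience override (assumed: non-empty list of role names, view access only).
  if (action === 'page:read' && Array.isArray(page.audience) && page.audience.length > 0) {
    return { allowed: roles.some((r) => page.audience.includes(r)), tier: 1 };
  }
  // Tier 2: role-based defaults.
  return { allowed: effectivePermissions(roles).has(action), tier: 2 };
}

// Constructed sample pages and users.
const privatePage = { creator: 'alice', private: true, audience: ['reader'] };
const memberPage = { creator: 'alice', audience: ['member'] };
const openPage = { creator: 'alice' };
const bob = { name: 'bob', roles: ['reader', 'contributor'] };

console.log(evaluate(bob, privatePage, 'page:read')); // Tier 0 ignores the audience list
console.log(evaluate(bob, memberPage, 'page:read'));  // Tier 1: bob holds no listed role
console.log(evaluate(bob, openPage, 'page:edit'));    // Tier 2: union of reader + contributor
```

Returning the deciding tier alongside the verdict makes denials auditable: a log entry can show whether a request was stopped by the private flag, the audience list, or the role defaults.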
See Also
- Permissions — the catalog of action keys roles can grant
- Page Private — strongest per-page override (Tier 0)
- Page Audience — per-page view-access override (Tier 1)
- Author Lock — per-page edit restriction