Skip to content
Jetrepo
Esc
navigateopen⌘Jpreview
On this page

Status and access

Look up statuses, perspectives, and public permission names.

Lifecycle, review, and preview are independent state families. Do not infer one from another.

State families

Family Product values API values where different
Content Draft, Published, Changed, Archived As displayed
Release Open, Scheduled, Running, Published, Failed, Rolled back, Archived OPEN, SCHEDULED, RUNNING, PUBLISHED, FAILED, ROLLED_BACK, ARCHIVED
Taxonomy Term Active, Archived ACTIVE, ARCHIVED
Review Configured stage, assignments, approvals, timestamps Workflow-specific
Viewing Published, Draft, Release PUBLISHED, DRAFT, RELEASE
Preview session Draft, Release only DRAFT, RELEASE

Running can be transient. Review readiness never implies Published lifecycle.

Organization permissions

Resource Fixed actions
organization update, delete
member create, update, delete
invitation create, cancel
ac create, read, update, delete
apiKey create, read, update, delete

These actions have Organization scope rather than Backend resource selectors.

Backend permissions

Resource Fixed actions
backend create, read, update, archive, delete
locale read, create, update, delete, reorder
content read, create, update, delete, publish, unpublish, schedule
model read, create, update, delete
vocabulary read, create, update, delete
term read, create, update, delete, move
release read, create, update, delete, execute, schedule, rollback
collaboration read, comment, resolve, moderate, review, configure, override
previewTarget read, create, update, delete
previewSession create, revoke
webhook read, create, update, delete
imagePreset read, create, update, delete
portability read, export, import, createBackend, apply, delete
delivery readSdk, readPublished, readPreview
audit read

PermissionKeys combine the resource and action, for example content.publish.

Scope lookup

Permission group Required scope Optional selector
Backend read, update, archive, delete Backend None
Locale actions Backend Locale for read, update, delete, reorder
Content actions Backend + Data Type Locale for read, create, update
Model actions Backend Data Type for read, update, delete
Vocabulary actions Backend Vocabulary for read, update, delete
Term actions Backend + Vocabulary Locale for read, update
Release and collaboration actions Backend Data Type
Preview session create and revoke Backend Data Type
Preview target, webhook, image preset, Backend portability, and audit actions Backend None
Delivery readSdk, readPublished, readPreview Backend only None

backend.create and portability.createBackend are Organization-level creation actions. For human-backed Backend actions, normal authorization also requires matching backend.read; backend.read itself and the three delivery permissions are the exceptions.

Delivery keys never use Data Type, locale, or Vocabulary scopes. Preview sessions instead recheck the human actor’s previewSession.create, content.read, release.read, and term.read scopes.

Access examples

Action Required access
Fetch published content delivery.readPublished with Backend scope
Create a Draft Preview session previewTarget.read, previewSession.create, and content.read for applicable scopes; release.read for Release preview
Inspect webhook logs webhook.read with Backend scope

Effective access is the union of valid role grants. One role must contain both the PermissionKey and a scope matching the target. Missing scope never means all; there are no deny rules or direct user overrides.

Was this page helpful?