Roles allow for grouping users and controlling their access to data within the App and API. As of now, users can only be assigned to a single role, but our system is architected to allow for the merging of multiple roles in the future.
Directus by default has two core roles that are included with each install. These roles can not be removed.
Users with this role have full permissions for all data within the system and are the only ones with access to Admin Settings.
This special role defines what data is accessible without being authenticated. By default, the public role does not have permission to any data. You can not assign users to this role.
You can create any number of additional roles to organize users or limit their access to content. A role can be created by clicking on the "New" button ("+") in the top right of the Roles & Permissions page in the Admin Settings. Roles have the following options:
This is for internal use only. It helps your administrators understand the purpose of each role.
A CSV of IP addresses that are allowed to connect to the API. This can be used to limit access to specific offices, for example.
Directus extends the typical CRUD access control to add even more granularity. To learn more about defining permissions, check out our Permissions Guide.
To delete a role, first remove all its users, then click the Delete button in the header of the Role Detail page.