Users & Roles
Usage
Users are stored as individual JSON files in content/users/. Passwords are hashed with bcrypt and never returned by the API.
| Role | Access |
|---|---|
| Admin | Full access — users, plugins, settings, all content. |
| Manager | Content + structure (navigation, layouts). No users or plugins. |
| Editor | Pages and media only. |
| Subscriber | Read-only access to the API. |
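The storage rules and role list above can be checked mechanically against the user records. The following is an added example, not code from this project: it audits already-parsed user records for an unknown role or a password field that is not a bcrypt hash, and shapes a record for an API response without the hash. The field names (`username`, `role`, `password`), the role spellings as stored, and the minimum cost of 10 are assumptions, since the page does not document the file schema.

```javascript
// Added example. Field names (username, role, password) and the role
// spellings are assumptions; the page does not document the file schema.
const ROLES = new Set(["Admin", "Manager", "Editor", "Subscriber"]);

// bcrypt modular-crypt string: $2a$/$2b$/$2y$, two-digit cost,
// then 22 salt + 31 hash characters from the bcrypt base64 alphabet.
const BCRYPT_RE = /^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$/;
const MIN_COST = 10; // assumed policy floor, not a value from the page

// Return a list of findings for one parsed user record (empty = clean).
function auditUser(user) {
  const findings = [];
  if (!ROLES.has(user.role)) findings.push("unknown role");
  const m = typeof user.password === "string" ? BCRYPT_RE.exec(user.password) : null;
  if (!m) findings.push("password is not a bcrypt hash");
  else if (Number(m[1]) < MIN_COST) findings.push("bcrypt cost below " + MIN_COST);
  return findings;
}

// Shape a record for an API response: every field except the hash.
function toApiView(user) {
  const { password, ...safe } = user;
  return safe;
}

// Audit many records; report only the ones with findings.
function auditAll(users) {
  const report = {};
  for (const u of users) {
    const findings = auditUser(u);
    if (findings.length > 0) report[u.username] = findings;
  }
  return report;
}

// Constructed sample records. The "hashes" are format-valid placeholders,
// not real bcrypt output.
const fakeHash = (cost) => "$2b$" + cost + "$" + "A".repeat(53);
const SAMPLE_USERS = [
  { username: "alice", role: "Admin", password: fakeHash("12") },
  { username: "bob", role: "Editor", password: fakeHash("04") },
  { username: "carol", role: "Owner", password: "hunter2" },
];

console.log(auditAll(SAMPLE_USERS));
console.log(toApiView(SAMPLE_USERS[0]));
```

To run it against a real installation, parse each file under content/users/ with `JSON.parse` and pass the resulting objects to `auditAll`.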
The admin panel uses JWT Bearer tokens. Tokens are stored in the browser and automatically refreshed.
Sessions expire according to config/auth.json — default is 24 hours.
Views and Actions are pro-only features that require a MongoDB connection. Both roles — Admin and Manager — can create, edit, and run Views and Actions.
| Role | Views | Actions |
|---|---|---|
| Admin | Full access | Full access |
| Manager | Full access | Full access |
| Editor | No access | No access |
| Subscriber | No access | No access |