Kirby's user management is based on a simple role system. By default, Kirby is configured to provide two roles:
Roles can be assigned to the users in the Users section of the Panel.
The Admin role is mandatory and cannot be removed. Users with that role have all permissions, while editors are by default only allowed to edit their own user profile, but not allowed to create, modify or delete other users.
Creating your own roles
You can create your own roles in the
Each role gets its own PHP file, like
<?php return [ 'name' => 'Editor', 'default' => false, 'permissions' => [ ... ] ];
If you want to create roles that are not allowed to access the Panel at all without configuring permissions, use something like this:
<?php return [ 'name' => 'Client', 'default' => false, 'panel' => false ];
name option sets the human-readable name of the role. It is displayed in the role select field on the user forms in the Panel.
default option determines which role is being selected by default when a new user is being created.
Only one role can be the default.
panel option is a shortcut for the
panel.access permission. If you set it to
false, users won't be able to access the Panel at all. This option is useful for pure frontend roles.
permissions option allows you to control the permissions (in the Panel or for your own frontend features) of all users with the role. Learn more about permissions.
Defining simple roles
If your roles are simple and don't have complex permission rules, you can define roles with a config option instead.
This is also the feature you need if you are still using an older Kirby version before Kirby 2.4.
Do not use these role definitions when definining role permissions in
c::set('roles', [ [ 'id' => 'admin', 'name' => 'Admin', 'default' => true, 'panel' => true ], [ 'id' => 'editor', 'name' => 'Editor', 'panel' => true ], [ 'id' => 'client', 'name' => 'Client', 'panel' => false ] ]);