配置管理员角色 (RBAC)

¥Configuring administrator roles (RBAC)

管理员是 Strapi 应用管理面板的用户。管理员账户和角色通过基于角色的访问控制 (RBAC) 功能进行管理。它可以在管理面板部分找到

¥Administrators are the users of an admin panel of a Strapi application. Administrator accounts and roles are managed with the Role-Based Access Control (RBAC) feature. It is available in the Administration panel section of the

设置子导航。

¥Settings sub navigation.

管理面板部分分为 2 个子部分：角色和用户（参见 管理管理员）。

¥The Administration panel section is divided into 2 sub-sections: Roles and Users (see Managing administrators).

管理面板的角色子部分显示为 Strapi 应用管理员创建的所有角色。

¥The Roles sub-section of Administration panel displays all created roles for the administrators of your Strapi application.

通过该界面，可以：

¥From this interface, it is possible to:

• 创建一个新的管理员角色（参见 创建新角色），

  ¥create a new administrator role (see Creating a new role),

• 删除管理员角色（参见 删除角色），

  ¥delete an administrator role (see Deleting a role),

• 或访问有关管理员角色的信息并对其进行编辑（参见 编辑角色）。

  ¥or access information regarding an administrator role, and edit it (see Editing a role).

默认情况下，为任何 Strapi 应用定义了 3 个管理员角色：

¥By default, 3 administrator roles are defined for any Strapi application:

• 作者：能够创建和管理自己的内容。

  ¥Author: to be able to create and manage their own content.

• 编辑：能够创建内容以及管理和发布任何内容。

  ¥Editor: to be able to create content, and manage and publish any content.

• 超级管理员：能够访问所有功能和设置。这是创建 Strapi 应用时默认归属于第一位管理员的角色。

  ¥Super Admin: to be able to access all features and settings. This is the role attributed by default to the first administrator at the creation of the Strapi application.

创建新角色

¥Creating a new role

在“管理”面板 >“角色”界面的右上角，会显示“添加新角色”按钮。它允许为 Strapi 应用的管理员创建新角色。

¥On the top right side of the Administration panel > Roles interface, an Add new role button is displayed. It allows to create a new role for administrators of your Strapi application.

要创建新角色，请单击“添加新角色”按钮。单击“添加新角色”按钮会将你重定向到角色编辑界面，你可以在其中编辑角色的详细信息并配置其权限（参见 编辑角色）。

¥To create a new role, click on the Add new role button. Clicking on the Add new role button will redirect you to the roles edition interface, where you will be able to edit the role's details and configure its permissions (see Editing a role).

💡 提示

在角色界面中，你可以从表中单击复制按钮

¥In the Roles interface, from the table, you can click on the duplicate button

通过复制现有角色来创建新角色。

¥to create a new role by duplicating an existing one.

删除角色

¥Deleting a role

可以从管理面板 > 角色界面删除管理员角色。但是，只有当它们不再属于 Strapi 应用的任何管理员时，才能将其删除。

¥Administrator roles can be deleted from the Administration panel > Roles interface. However, they can only be deleted once they are no more attributed to any administrator of the Strapi application.

删除角色：

¥To delete a role:

1. 单击删除按钮

   ¥Click on the delete button

在角色记录的右侧。2.

¥on the right side of the role's record. 2. In the deletion window, click on the Yes, confirm button to confirm the deletion.

编辑角色

¥Editing a role

角色编辑界面允许编辑管理员角色的详细信息，以及详细配置 Strapi 应用所有部分的权限。单击编辑按钮后，可以从“管理”面板 >“角色”访问它

¥The role edition interface allows to edit the details of an administrator role as well as configure in detail the permissions to all sections of your Strapi application. It is accessible from Administration panel > Roles either after clicking on the edit button

在角色记录的右侧，或单击“添加新角色”按钮后（参见 创建新角色）。

¥on the right side of a role's record, or after clicking on the Add new role button (see Creating a new role).

✋ 提醒

无法编辑超级管理员角色的权限。所有配置均处于只读模式。

¥It isn't possible to edit the permissions of the Super Admin role. All configurations are in read-only mode.

编辑角色详细信息

¥Editing role's details

管理员角色编辑界面的详细信息区域允许定义角色的名称，并为其提供描述，以帮助其他管理员了解该角色可以访问的内容。

¥The details area of an administrator role editing interface allow to define the name of the role, and to give it a description that should help other administrators understand what the role gives access to.

💡 提示

在右上角，你可以看到一个计数器，指示有多少管理员被赋予了该角色。

¥In the top right corner, you can see a counter indicating how many administrators have been attributed the role.

要编辑角色的详细信息，请按照下表中的说明进行操作：

¥To edit a role's details, follow the instructions from the table below:

角色详情	指示
名称	在文本框中写入角色的新名称。
描述	在文本框中写下角色的描述。

配置角色的权限

¥Configuring role's permissions

管理员角色编辑界面的权限区域允许详细配置管理员可以对 Strapi 应用的任何部分执行哪些操作。它显示为表格，分为 4 类：集合类型、单一类型、插件和设置。

¥The permissions area of an administrator role editing interface allows to configure in detail what actions an administrator can do for any part of the Strapi application. It is displayed as a table, split into 4 categories: Collection types, Single types, Plugins and Settings.

集合型和单品型

¥Collection and Single types

集合类型和单一类型类别分别列出了 Strapi 应用的所有可用集合和单一类型。对于每种内容类型，管理员可以有权执行以下操作：创建、读取、更新、删除和发布。

¥The Collection types and Single types categories respectively list all available collection and single types for the Strapi application. For each content-type, the administrators can have the permission to perform the following actions: create, read, update, delete and publish.

要为角色配置集合或单一类型权限：

¥To configure Collection or Single types permissions for a role:

1. 转到权限表的集合类型或单一类型类别。

   ¥Go to the Collection types or Single types category of the permissions table.

2. 勾选要授予访问权限的内容类型名称左侧的框。默认情况下，可以对内容类型的所有字段执行所有操作。

   ¥Tick the box on the left of the name of the content-type to give access to. By default, all actions can be performed for all fields of the content-type.

3. （可选）取消选中与操作相关的框以阻止你选择的操作。

   ¥(optional) Untick the action-related boxes to prevent actions of your choice.

4. （可选）单击内容类型的名称可显示其完整字段列表。取消选中与字段和操作相关的框以阻止对你选择的字段进行访问和/或操作。如果安装了 国际化插件，还定义应为每个可用区域设置授予哪些权限。

   ¥(optional) Click the name of the content-type to display its full list of fields. Untick the field and action-related boxes to prevent access and/or action for the fields of your choice. If the Internationalization plugin is installed, define also what permissions should be granted for each available locale.

5. 对角色应授予访问权限的每个可用内容类型重复步骤 2 至 4。

   ¥Repeat steps 2 to 4 for each content-type available to which the role should give access.

6. 单击右上角的“保存”按钮。

   ¥Click on the Save button on the top right corner.

插件和设置

¥Plugins and Settings

插件和设置类别均显示 Strapi 应用的每个可用插件或设置的子类别。每个子类别都包含其自己特定的权限集。

¥The Plugins and Settings categories both display a sub-category per available plugin or setting of the Strapi application. Each sub-category contains its own specific set of permissions.

要为角色配置插件或设置权限：

¥To configure plugins or settings permissions for a role:

1. 转到权限表的插件或设置类别。

   ¥Go to the Plugins or Settings category of the permissions table.

2. 单击要配置权限的子类别名称，可显示所有可用权限。

   ¥Click on the name of the sub-category which permissions to configure, to display all available permissions.

3. 勾选角色应授予访问权限的权限框。你可以参考下表了解更多信息和说明。

   ¥Tick the boxes of the permissions the role should give access to. You can refer to the table below for more information and instructions.

Plugins

默认情况下，可以为内容类型生成器、上传（即媒体库）插件、内容管理器和用户权限（即允许管理终端用户的用户和权限插件）配置插件权限。每个插件都有自己特定的权限集。

¥By default, plugins permissions can be configured for the Content-type Builder, the Upload (i.e. Media Library) plugin, the Content Manager, and Users Permissions (i.e. the Users & Permissions plugin allowing to manage end users). Each plugin has its own specific set of permissions.

插件名称	权限
内容发布 （发布）
内容管理者
内容类型构建器
上传 （媒体库）
用户权限

Settings

可以为管理面板主导航中的“常规”>“设置”访问的所有设置配置设置权限：媒体库和 Webhooks（全局设置部分）以及用户和角色（管理面板部分，用于配置 RBAC 功能的设置）。设置权限还允许配置对管理面板的插件和市场部分的访问。每个设置都有其自己特定的权限集。

¥Settings permissions can be configured for all settings accessible from General > Settings from the main navigation of the admin panel: Media Library and Webhooks (Global settings section) and Users & Roles (Administration panel section, to configure the settings of the RBAC feature). Settings permissions also allow to configure access to the Plugins and Marketplace sections of the admin panel. Each setting has its own specific set of permissions.

设置名称	权限
API 令牌
转移令牌
媒体库
国际化
单点登录 Enterprise
插件和市场
网络钩子
用户和角色
查看工作流程 Enterprise

4. 单击右上角的“保存”按钮。

   ¥Click on the Save button on the top right corner.

设置权限的自定义条件

¥Setting custom conditions for permissions

对于每个类别的每个权限，都会显示一个“设置”按钮。它允许通过定义授予管理员权限的附加条件来进一步推动权限配置。有 2 个默认附加条件：

¥For each permission of each category, a Settings button is displayed. It allows to push the permission configuration further by defining additional conditions for the administrators to be granted the permission. There are 2 default additional conditions:

• 管理员必须是创建者，

  ¥the administrator must be the creator,

• 管理员必须具有与创建者相同的角色。

  ¥the administrator must have the same role as the creator.

✏️ 注意

如果事先为你的 Strapi 应用创建了其他自定义条件，则也可以使用这些条件（请参阅 基于角色的访问控制）。

¥Other custom conditions can be available if they have been created beforehand for your Strapi application (see Role-Based Access Control).

设置自定义条件：

¥To set custom conditions:

1. 单击已授予该角色的权限的“设置”按钮。

   ¥Click on the Settings button of the permission already granted for the role.

2. 在“定义条件”窗口中，可以使用特定条件自定义每个可用权限。单击与你要自定义的权限相关的下拉列表。

   ¥In the Define conditions window, each available permission can be customized with a specific condition. Click on the drop-down list related to the permission you want to customize.

3. 为所选权限定义自定义条件。你可以：

   ¥Define the custom condition for the chosen permission. You can either:

   • 勾选默认选项以应用所有可用的附加条件。

     ¥Tick the Default option for all available additional conditions to be applied.

   • 单击箭头按钮

     ¥Click on the arrow button

查看可用的附加条件并仅勾选所选的条件。4.

¥to see the available additional conditions and tick only the chosen one(s). 4. Click on the Apply button.

💡 提示

为权限设置自定义条件后，权限名称和“设置”按钮旁边会显示一个点。

¥Once a custom condition is set for a permission, a dot is displayed next to the permission's name and the Settings button.

✋ 提醒

只能为已勾选授予角色的权限设置自定义条件。如果没有，当单击“设置”按钮时，打开的窗口将保持为空，因为没有可用的自定义条件选项。

¥Custom conditions can only be set for permissions that have been ticked to be granted for the role. If not, when clicking the Settings button, the window that opens will remain empty, as no custom condition option will be available.