Separate publish/unpublish permissions

We would really benefit from having the ability to define unpublish and publish permissions independently. Publishing an entry causes resources to be created downstream in our system. Unpublishing an entry creates problems that are sometimes difficult to recover from. We would like the ability to prevent entries from being unpublished, but I don’t believe that is possible today - those permissions are tied together.

Unfortunately, this is not supported via the Web App UI; however, you should be able to separate these permissions out when creating/updating a role programmatically. One thing to note is if the UI can’t parse the policy correctly it will just show the JSON blob directly – which will most likely happen in this instance since the UI won’t know how to separate out the publish/unpublish permissions. For context, publish/unpublish were initially combined to reduce the number of rules that users have to define, but I could definitely see how this could cause issues in certain edge cases. Hope this helps!

Thanks for the response.

Are you saying that even if I could accomplish this by programmatically updating the role, it would effectively break the publish button?

Nope, the publish button will definitely stay intact. The JSON blob will display on the permission configuration screen since the UI does not support the perms being separated out. I would definitely recommend testing this out in a sandbox environment first to ensure it works as you expect :+1:

Apologies, I misunderstood. I’ll definitely give that a shot. Thank you!

Not a problem! Hopefully it fits the bill for you :beers: