How do User Roles and Permissions Work?

Last Updated: Apr 20, 2018 08:24AM PDT

Mukurtu CMS includes a wide range of user rules so that each user can take appropriate actions, dependent on their role (or roles) within the site as a whole, and more narrowly within individual communities and cultural protocols.

These roles and permissions are not mutually exclusive - authenticated site users may have multiple roles and permissions within communities and cultural protocols, depending on their responsibilities. More information on each role is provided below.

The attached User Roles graphic provides an overview of the privileges of each user role, and the attached Permissions matrix indicates those privileges in depth.

Site-Wide User Roles

Site-Wide User Roles reflect the actions that users can take across the entire site. These include Mukurtu Administrators and Community Administrators are responsible for site and community setup and maintenance; Curators are responsible for managing site-wide collections; and all users with a username and password are Registered Users.

Mukurtu Administrator

Mukurtu Administrators have a lot of site-wide controls at their disposal, but in theory, Administrator responsibilities will fade over time – they are key to setting up the structure of the site, and maintaining user access, but each community will be responsible for managing their own content.
Mukurtu Administrators are responsible for adding and approving new site users, creating the major communities, cultural protocols, and categories, as well as some access to customizing the overall site design.

Community Administrator

Community Administrators have quite a bit of control over their respective communities within the site.
Community Administrators have similar control within their communities as Mukurtu Administrators do across the entire site, but they cannot make site-wide changes like adding new categories.
Most Mukurtu sites will probably have more Community Administrators than Mukurtu Administrators, and they will be more involved in day-to-day work, and less on major maintenance.


Curators are able to create and arrange collections of pre-existing digital heritage items.
Collections are a way to create an exhibit, by gathering together digital heritage items that might be in several different communities and presenting them in another way.

Registered User

Registered site users can view and interact with digital heritage on the site, and that access is managed by the communities and cultural protocols they are members of.
All the previous roles are also by default registered users.

Anonymous User

Anonymous Users may be able to view some of the digital heritage on the site, depending on protocols.
Anonymous Users have no role in content creation or site management - they are just visitors, and can only view content within public protocols.

Community and Cultural Protocol Permissions

Community and Cultural Protocol Permissions reflect the the actions that users can take within each individual community and cultural protocol. Community Managers and Protocol Stewards are responsible for community and cultural protocol setup and maintenance; Contributors are responsible for adding new content; and registered Community Members and Protocol Members are given access to content.

Community Manager

Community Managers can add users of the site as members of their community, and are responsible for creating and managing protocols within their community.

Community Member

Community Members have access to view and content on digital heritage items within a community, managed by their membership in the relevant cultural protocol(s).

Protocol Steward

Protocol Stewards are responsible for the membership of their protocol, can create new protocols and can create and edit all Digital Heritage Items within their protocol.


Contributors can create Digital Heritage Items within their protocol, but cannot edit Digital Heritage Items created by other users.

Protocol Member

Protocol Members can view Digital Heritage Items within their protocol, and comment on those items, but cannot edit items.

Anonymous User

Anonymous Users can only view Digital Heritage Items and comments that are within “Open” protocols.