Granular enterprise access control

Updated

Workspace admins can restrict what team members can edit at the CMS, locale, and page level.

As your team grows, granular access controls let you confidently bring additional team members, contractors, translators, and more into Webflow. Go beyond roles, to not only define what they can do, but also where exactly in the site they can edit. — down to specific CMS collections, locales, and pages.

Note

Granular access controls are only available on specific Enterprise plans and partners.

Granular access controls overview

Granular access controls let site managers layer restrictions on top of site roles. A team member's site role determines what they can do in Webflow — design, edit content, leave comments, and so on. Access controls narrow that further by scoping their editing permissions to specific resources, like a set of CMS collections, a secondary locale, or a page.

These two things work together:

  • Site role — sets the baseline of what a member can do (e.g., Designer, Content editor)
  • Access controls — restrict which resources that member can act on within their role

Access controls are managed per member from Site settings > Site access. When inviting a new team member, you can also configure their access controls during the invite process.

Role behavior with access controls

  • Reviewer — can't edit content in any resource, regardless of access control settings
  • Site manager — always has full access to all resources; access controls don't apply
  • Designer, Marketer, Content editor, or a custom role based on these — access controls can be applied

Available granular access controls

Locale-specific access

Restrict which secondary locales a member can edit. Useful for regional teams or translators who should only edit content in their assigned language or market. Members cannot be restricted to the primary locale only.

Learn more about controlling locale access.

CMS collection-specific access

Restrict which CMS collections a member can edit. Members without access to a collection can still view it in read-only mode, but can't create, edit, or delete items in it.

Learn more about controlling CMS collection access.

Page-specific access

Restrict which pages a member can edit static content on. Members without page access can still view the page and edit dynamic CMS content (if they have CMS access), but can't edit static content, access page settings, or create and merge branches.

Learn more about controlling page access.

Related articles