Self hosters please update your Firebase security rules if you'd like to enable groups and permissions for your sites. Hosted plans get this feature immediately.
When Webhook launched this Summer one of the most requested features was a way to limit access in the CMS to certain members of your team. Whether it was hiding site configuration settings from a client or blocking publish abilities from freelance writers it was clear site owners wanted more control. Today we're happy to introduce Groups and Permissions to Webhook. Found in the Team Members section of your CMS you can now limit the abilities of individual groups as they use the CMS. It's best explained with this screenshot.
By default Webhook comes with two groups: Owners and Editors (formerly Contributors). Editors have full access to the CMS, minus the configuration and billing pages, while Owners have access to everything. This is exactly how Webhook worked before this change so right now your site should operate exactly the same as it did yesterday.
What's new is that as you build out your CMS with new Content Types you may want to create new groups to limit access to those types. Groups can be named anything ("Client", "Freelancer"...etc) and those group names are only viewable or manageable by owners. These groups can have limited view, draft, publish and delete actions respectively. Users themselves can only be assigned to one group apiece, but groups can contain multiple users.
This change not only changes the display of the CMS, but also alters the security rules for your firebase data as well. This makes it so that the same permission levels of your CMS are carried into your Firebase data schema as well. If you're running a self-hosted version of Webhook, but using our hosted JS files (what we recommend by default), you'll want to make sure to update your Firebase's security & rules file with the one here. Everyone else should already have access to the new features.