title: User roles
role: manual
tags: #authorization #configuration #manual #security #zettelstore
syntax: zmk
back: 00001006020000 00001010000000 00001012921200
backward: 00001006020000 00001006020400 00001010000000 00001010040200 00001012921200
box-number: 1
copyright: (c) 2020-present by Detlef Stern <ds@zettelstore.de>
created: 20210126175322
forward: 00001006020400 00001010040200 00001010070200
lang: en
license: EUPL-1.2-or-later
modified: 20220214175212
published: 20220214175212
visibility: public

Every user is associated with some basic privileges.
These are specified in the [[user zettel|00001010040200]] with the key ''user-role''.
The following values are supported:
; [!reader|""reader""]
: The user is allowed to read zettel.
This is the default value for any user except the owner of the Zettelstore.
; [!writer|""writer""]
: The user is allowed to create new zettel and to change existing zettel.
; [!creator|""creator""]
: The user is only allowed to create new zettel.
It is also allowed to change its own user zettel.
There are two other user roles, implicitly defined:
; The anonymous user
: This role is assigned to any user that is not authenticated.
Can only read zettel with visibility [[public|00001010070200]], but cannot change them.
; The owner
: The user that is configured to be the owner of the Zettelstore.
Does not need to specify a user role in its user zettel.
Is not restricted in the use of Zettelstore, except when a zettel is marked as [[read-only|00001006020400]].