Roles & permissions
Blok has three built-in roles:
| Role | Edit content | Comment | Publish | Save drafts | Restore versions |
|---|---|---|---|---|---|
| editor | ✅ | ✅ | ✅ | ✅ | ✅ |
| reviewer | ❌ | ✅ | ❌ | ❌ | ❌ |
| viewer | ❌ | ❌ | ❌ | ❌ | ❌ |
How roles are assigned
Your app decides your role when it mounts the editor. You don’t switch roles from inside the editor UI. If you think your role is wrong, ask your admin.
What each role sees
Editor
Full access. Everything in this documentation applies to you.
Reviewer
You can open the editor and see everything, but:
- Fields in the Edit panel are disabled.
- The Save and Publish buttons are hidden.
- The block palette is hidden — you can’t insert or delete blocks.
- The Comments panel is fully functional — reviewing is your primary job.
A banner at the top of the editor reminds you you’re in review mode.
Viewer
You can read the document but can’t interact with it at all:
- No editing.
- No commenting.
- No versioning.
Viewers typically use the live preview URL instead of the editor itself.
UI vs. backend enforcement
Roles in Blok are UI-only — they control what the editor shows and allows. Your backend must also enforce the same rules on API calls. A reviewer role in the UI doesn’t stop a determined user from calling your save API directly unless you check permissions server-side.