{"section":"announcements","requestedLocale":"en","requestedSlug":"2024-02-02-headless-cms-new-authorization-requirement","locale":"en","slug":"2024-02-02-headless-cms-new-authorization-requirement","path":"docs/en/announcements/2024/february/2024-02-02-headless-cms-new-authorization-requirement.md","branch":"main","content":"As of February 15, all [users](https://developers.vtex.com/docs/guides/api-authentication-using-user-tokens) and [application keys](https://developers.vtex.com/docs/guides/api-authentication-using-application-keys) that need access to Headless CMS will be required to have the `See CMS menu on the top-bar` and `Settings` License Manager [resources](/en/docs/tutorials/license-manager-resources) added to their [user roles](/en/docs/tutorials/roles). For content management in the Headless CMS, they must also have the `CMS GraphQL API` [resource](/en/docs/tutorials/license-manager-resources). This requirement applies to Headless CMS API and VTEX Admin.\n\n## What has changed?\nPreviously, users and application keys could manage store content on Headless CMS without having a specific License Manager resource associated with their role.\n\nNow, any request via Headless CMS API or VTEX Admin will authenticate the user and verify if they have the required resources associated with their role.  \nThe `See CMS menu on the top-bar` and `Settings` resources grant access to Headless CMS. For content management, users also need to have the `CMS GraphQL API` resource. Without this resource, users are restricted from content management within the Headless CMS.\n\n## Why did we make this change?\nThis change aims to enhance security and simplify user access to the Headless CMS. This means users have a more controlled and secure environment when managing store content. 
\n\n## What needs to be done?\nEnsure that Headless CMS users are associated with the `CMS GraphQL API`, `See CMS menu on the top-bar` and `Settings` resources within their user roles by either [creating a new role](#creating-a-new-role) or [editing an existing one](#editing-a-role).\n\n> ⚠️ To manage users and their roles, you need the `Save access profile` resource from the **License Manager** product associated with your user role. For example, the [User Administrator - RESTRICTED](/en/docs/tutorials/predefined-roles#user-administrator-restricted) is a predefined role that has the `Save access profile` resource associated with it.\n\n### Creating a new role\n\nIf you have not created a specific role for Headless CMS users yet or wish to create one, refer to the [Creating a role](/en/tutorial/roles--7HKK5Uau2H6wxE1rH5oRbc?&utm_source=autocomplete#creating-a-role) guide. Ensure that you associate the role with the `CMS GraphQL API`, `See CMS menu on the top-bar` and `Settings` resources in the **Products and Resources** section.\n\n### Editing a role\n\nIf you need to edit an existing role for Headless CMS users, follow these instructions:\n\n1. Access the VTEX Admin.\n2. Click on your profile avatar on the VTEX Admin top bar, marked by the initial of your email, and click on **Account settings > User roles**.\n3. Click on the **Role name** assigned to the Headless CMS users.\n\n> Because stores can create custom roles, roles may differ based on the store's configuration, and each store can define its specific role for Headless CMS users.\n\n4. On the **Edit Role** page, navigate to the **Products and Resources** section.\n5. Locate the **CMS** product and click on it.\n6. Select the `CMS GraphQL API`, `See CMS menu on the top-bar` and `Settings` resources.\n7. Click `Save`."}