Access Roles
Suggested Entra app roles for Demon Dog Admin. These names are intended to be copied into the Entra app registration and then assigned to users, groups, or automation clients.
Sign in to see the roles currently present in your token.
| Role value | Audience | Purpose | Backend access |
|---|---|---|---|
Admin.FullAccess |
Senior admins | Full administrative access across the platform. | All admin APIs and all admin UI areas. |
Blog.Manage |
Content editors | Create, edit, publish, and manage blog posts, blog categories, authors, and blog-related media. | Blog posts, blog categories, authors, gallery read/use. |
SocialMedia.Manage |
Social media team | Manage social media profiles, categories, generated posts, scheduling, templates, exports, and images. | Social media APIs and social media UI areas. |
Settings.Manage |
Platform operators | Manage sites, languages, shared platform settings, and configuration-like data. | Sites, languages, and shared settings APIs. |
Gallery.Manage |
Media editors | Upload, edit, and organize reusable gallery assets. | Gallery APIs and gallery UI. |
Automation.SocialMedia |
n8n/service principals | Allow trusted automation to create and update social media workflow data without full admin access. | Social media automation APIs only. |
Automation.Blog |
n8n/service principals | Allow trusted automation to generate and update blog drafts, metadata, categories, and tags without full admin access. | Blog automation APIs, preferably draft-only by default. |
Automation.Gallery |
n8n/service principals | Allow trusted automation to upload or register generated media assets used by blog and social workflows. | Gallery/media write APIs only. |
Recommended assignment model
Human users
Create Entra security groups for humans, assign those groups to app roles in the Enterprise Application, and manage membership in Entra.
Automation clients
Assign service principals, such as n8n, only to automation roles. Avoid granting automation clients full human admin access.
Initial Entra app roles
[
{
"allowedMemberTypes": [ "User" ],
"displayName": "Admin Full Access",
"value": "Admin.FullAccess",
"description": "Full administrative access across Demon Dog Admin.",
"isEnabled": true
},
{
"allowedMemberTypes": [ "User" ],
"displayName": "Blog Manage",
"value": "Blog.Manage",
"description": "Manage blog posts, blog categories, authors, and blog-related media.",
"isEnabled": true
},
{
"allowedMemberTypes": [ "User" ],
"displayName": "Social Media Manage",
"value": "SocialMedia.Manage",
"description": "Manage social media profiles, categories, posts, templates, scheduling, and exports.",
"isEnabled": true
},
{
"allowedMemberTypes": [ "User" ],
"displayName": "Settings Manage",
"value": "Settings.Manage",
"description": "Manage sites, languages, and shared platform settings.",
"isEnabled": true
},
{
"allowedMemberTypes": [ "User" ],
"displayName": "Gallery Manage",
"value": "Gallery.Manage",
"description": "Manage reusable gallery assets.",
"isEnabled": true
},
{
"allowedMemberTypes": [ "Application" ],
"displayName": "Automation Social Media",
"value": "Automation.SocialMedia",
"description": "Allow trusted automation clients to call social media workflow APIs.",
"isEnabled": true
},
{
"allowedMemberTypes": [ "Application" ],
"displayName": "Automation Blog",
"value": "Automation.Blog",
"description": "Allow trusted automation clients to generate and update blog draft content and metadata.",
"isEnabled": true
},
{
"allowedMemberTypes": [ "Application" ],
"displayName": "Automation Gallery",
"value": "Automation.Gallery",
"description": "Allow trusted automation clients to upload or register generated media assets.",
"isEnabled": true
}
]