Define a role with Blueprints
Use Blueprints to define a custom role in code alongside your project's other resources.
Blueprints allow you to define custom roles alongside other resources. Roles are sets of permissions that can be assigned to users and robot tokens. You can even combine roles and robot tokens with Blueprints to provide explicit access in Functions.
This is a paid feature
This feature is available on certain Enterprise plans. Talk to sales to learn more.
In this guide, you’ll define a custom role resource with Blueprints and deploy the blueprint to Sanity.
Experimental feature
This article describes an experimental Sanity feature. The APIs and behavior may change at any time. Follow the changelog for updates.
Prerequisites:
- The latest version of
sanityCLI is recommended to interact with Blueprints. You can always run the latest CLI commands withnpx sanity@latest. - An existing project and a role with permission to edit roles (requires the
sanity-project-rolespermission). - Custom role support was first introduced in
@sanity/blueprintsv0.11.0. We recommend using the latest version of the library.
Initialize a new blueprint
To initialize a blueprint in the current directory, run the command below. Replace the project ID with your own. Skip to the next section if you already have a blueprint set up.
npx sanity@latest blueprints init . --type ts --project-id <project-id> --stack-name production
pnpm dlx sanity@latest blueprints init . --type ts --project-id <project-id> --stack-name production
yarn dlx sanity@latest blueprints init . --type ts --project-id <project-id> --stack-name production
bunx sanity@latest blueprints init . --type ts --project-id <project-id> --stack-name production
Configure the custom resource
Use the defineRole helper to define a custom role resource.
import { defineBlueprint, defineRole } from "@sanity/blueprints"
export default defineBlueprint({
resources: [
defineRole({
name: 'custom-robot-role',
title: 'Custom Robot Role',
appliesToRobots: true,
permissions: [{
name: 'sanity-project-cors',
action: 'create',
}],
})
],
})A full list of available configuration options is available in the reference documentation. You can learn more about the parts that make up a role in the roles and permissions documentation.
Deploy the blueprint
N, deploy the blueprint.
npx sanity blueprints deploy
pnpm dlx sanity blueprints deploy
yarn dlx sanity blueprints deploy
bunx sanity blueprints deploy
Once the deployment finishes, the custom role is active.
If you need to make changes, update the blueprint file (sanity.blueprint.ts) and run the deploy command again.
Remove the custom role resource
To remove a resources created with a blueprint, you need to either:
- Remove the definition from the blueprint, and run the
deploycommand again. - Destroy the blueprint with the
destroycommand.
Destroy will “undeploy” the blueprint and remove the stack, leaving only your local files.
Redeploy a destroyed blueprint
When you run blueprints destroy, it's as if you never used blueprints init during setup. The only difference is you still have all the files in your directory. To use this blueprint again and redeploy it, you'll need to let Sanity know about it. You can do this by running init again:
npx sanity blueprints init
pnpm dlx sanity blueprints init
yarn dlx sanity blueprints init
bunx sanity blueprints init
This launches an editing interface that lets you reconfigure the blueprint, if needed, and it reconnects the blueprint to Sanity. Now you can add more functions or redeploy. Keep in mind that any environment variables added before destroying the blueprint will not carry over.