guillotina implements robust ACL security.

An overview of our security features are:

  • Users are given roles and groups
  • Roles are granted permissions
  • Groups are granted roles
  • Roles can be granted to users on specific objects

Requests security

By default request has participation of anonymous user plus the ones added by auth plugins

Databases, Application and static files objects

Databases and static files have a specific permission system. They don’t have roles by default and the permissions are specified to root user

  • guillotina.AddContainer
  • guillotina.GetContainers
  • guillotina.DeleteContainers
  • guillotina.AccessContent
  • guillotina.GetDatabases

Anonymous user has on DB/StaticFiles/StaticDirectories/Application object :

  • guillotina.AccessContent

Roles in guillotina container objects

Defined at:

Container/App Roles


  • guillotina.AccessContent
  • guillotina.ManageAddons
  • guillotina.RegisterConfigurations
  • guillotina.WriteConfiguration
  • guillotina.ReadConfiguration
  • guillotina.ManageCatalog


  • guillotina.DeletePortal

Default roles on Guillotina Container

They are stored in annotations using IRolePermissionMap.

Created objects set the guillotina.Owner role to the user who created it.

Default groups on Guillotina Container



There is a root user who has permissions to all containers:

DB/APP permissions are defined on factory/

The definition of the root user can be found on auth/ Notice how it is assigned to the "Managers" group by default, which in turn has the following hardcoded roles:

  • guillotina.ContainerAdmin
  • guillotina.ContainerDeleter
  • guillotina.Owner
  • guillotina.Member
  • guillotina.Manager

Thus, these are the default roles for the root user.