Managing a blog in Magento 2 might not seem that hard at first. However, before being published blog posts goes through multiple stages: creation, editing, proofreading and publishing.
Sometimes multiple people work on one article. Correspondingly they have different roles and responsibilities.
So, in this article, you're going to learn more about blog access control list and how you can restrict users' access to different blog sections.
To configure the access rights for the blog admin pages:
1. Go to Admin Panel > System > User Roles.
2. Choose the user role you want to change the blog access rights for.
3. In the Role Resources section, you will see the resources tree. Find the Blog sections.
Once you have finished don't forget to press the Save Role button.
With the ACL you can restrict the rights for viewing, editing, deleting blog posts, categories, tags, authors and comments. Besides, you can set additional rights to import the blog and administrate the main blog configurations.
As mentioned before, a lot of people work on one blog post. So, you may need someone to create blog posts and someone to publish them or edit the published blog items (posts, categories, tags, comments, etc.).
For example, you have a writer, who creates and saves but can't post the articles, since there is a proofreader or manager responsible for that. In Magento 2 Blog Plus and Blog Extra edition there is a Save Published option that restricts some users' right to edit already published articles.
Also, we recommend you restrict the Delete option to certain admin roles only.