docs: document download-only content-as-code scope for editors

mintlify[bot] · web-flow · commit 2edb6e588ab7 · 2026-05-29T10:54:01.000Z
diff --git a/references/workspace/custom-roles.mdx b/references/workspace/custom-roles.mdx
@@ -103,6 +103,24 @@ Custom roles are assigned at the project level to provide granular access contro
 
 ## Scope reference
 
+### Content-as-code scopes
+
+Two scopes control access to [content as code](/guides/developer/dashboards-as-code), the CLI workflow for managing charts and dashboards as YAML files.
+
+**Download content as code** (`view:ContentAsCode`) lets a user pull existing charts and dashboards as YAML via `lightdash download`. It does not allow pushing changes back.
+
+**Download and upload content as code** (`manage:ContentAsCode`) grants both download and upload. Users with this scope can run `lightdash upload` to overwrite charts and dashboards in the project.
+
+Use **download-only** to let a user pull production YAML for local development, diffing, or inspection without giving them the ability to overwrite production content. Combine with a controlled promotion path (e.g., CI/CD running with a service account that holds the manage scope) so writes only land via the pipeline.
+
+For example, to protect a production project from accidental `lightdash upload` overwrites:
+
+1. Downgrade the user's org role to **Member** or **Viewer** so they don't inherit `manage:ContentAsCode` from their org role.
+2. Create a custom project role with only **Download content as code** enabled (plus whatever else they need).
+3. Assign the custom role to the user on the production project.
+
+The user can now run `lightdash download` against production but will get a `403` on `lightdash upload`.
+
 ### SQL-related scopes
 
 Three scopes control different SQL-authoring features. They are independent — granting one does not grant the others.
diff --git a/references/workspace/roles.mdx b/references/workspace/roles.mdx
@@ -35,7 +35,8 @@ Project Admins can invite users to their project and assign users or [groups](/r
 | Manage project access and permissions                    | <Icon icon="square-check" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" />    |     <Icon icon="xmark" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" />    |     <Icon icon="xmark" iconType="solid" />    |
 | Delete project                                           | <Icon icon="square-check" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" />    |     <Icon icon="xmark" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" />    |     <Icon icon="xmark" iconType="solid" />    |
 | Create a preview project                                 | <Icon icon="square-check" iconType="solid" /> | <Icon icon="square-check" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" />    |     <Icon icon="xmark" iconType="solid" />    |
-| Use dashboards as code (CLI)                             | <Icon icon="square-check" iconType="solid" /> | <Icon icon="square-check" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" />    |     <Icon icon="xmark" iconType="solid" />    |
+| Download content as code (CLI)                           | <Icon icon="square-check" iconType="solid" /> | <Icon icon="square-check" iconType="solid" /> | <Icon icon="square-check" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" />    |     <Icon icon="xmark" iconType="solid" />    |
+| Upload content as code (CLI)                             | <Icon icon="square-check" iconType="solid" /> | <Icon icon="square-check" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" />    |     <Icon icon="xmark" iconType="solid" />    |
 | Rename models, dimensions, and metrics (CLI and UI)      | <Icon icon="square-check" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" />    |     <Icon icon="xmark" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" />    |     <Icon icon="xmark" iconType="solid" />    |
 
 
@@ -54,7 +55,8 @@ Organization Admins can assign roles to organization members, which gives access
 | Admin for **all** projects                 | <Icon icon="square-check" iconType="solid" /> | <Icon icon="xmark" iconType="solid" />        | <Icon icon="xmark" iconType="solid" />        | <Icon icon="xmark" iconType="solid" />        | <Icon icon="xmark" iconType="solid" />        | <Icon icon="xmark" iconType="solid" />        |
 | Invite users to organization               | <Icon icon="square-check" iconType="solid" /> | <Icon icon="xmark" iconType="solid" />        | <Icon icon="xmark" iconType="solid" />        | <Icon icon="xmark" iconType="solid" />        | <Icon icon="xmark" iconType="solid" />        | <Icon icon="xmark" iconType="solid" />        |
 | Manage organization access and permissions | <Icon icon="square-check" iconType="solid" /> | <Icon icon="xmark" iconType="solid" />        | <Icon icon="xmark" iconType="solid" />        | <Icon icon="xmark" iconType="solid" />        | <Icon icon="xmark" iconType="solid" />        | <Icon icon="xmark" iconType="solid" />        |
-| Use dashboards as code (CLI)                         |      <Icon icon="square-check" iconType="solid" />       |        <Icon icon="square-check" iconType="solid" />         |       <Icon icon="xmark" iconType="solid" />        |             <Icon icon="xmark" iconType="solid" />              |       <Icon icon="xmark" iconType="solid" />        |
+| Download content as code (CLI)                       |      <Icon icon="square-check" iconType="solid" />       |        <Icon icon="square-check" iconType="solid" />         |      <Icon icon="square-check" iconType="solid" />       |             <Icon icon="xmark" iconType="solid" />              |       <Icon icon="xmark" iconType="solid" />        |
+| Upload content as code (CLI)                         |      <Icon icon="square-check" iconType="solid" />       |        <Icon icon="square-check" iconType="solid" />         |       <Icon icon="xmark" iconType="solid" />        |             <Icon icon="xmark" iconType="solid" />              |       <Icon icon="xmark" iconType="solid" />        |
 | Rename models, dimensions, and metrics (CLI and UI)      | <Icon icon="square-check" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" />    |     <Icon icon="xmark" iconType="solid" /> |     <Icon icon="xmark" iconType="solid" />    |     <Icon icon="xmark" iconType="solid" />    |
 
 
