Document-level permissions


You can manage local permissions (i.e. permissions for a particular document or site section) in CMS Desk -> Content -> select a document in the content tree -> click Properties -> choose the Security tab.

 

Select the appropriate user or role in the left box. If the user or role is not available in the box, you may need to add them using the Add users or Add roles button. Now you can choose if the permissions should be "allowed" or "denied".

 

If you deny a permission, the action will not be allowed even if the user or role has the permission assigned on a global level, i.e. the Deny option overrides global settings for this permission.

 

You can configure the following permissions:
 

Full control - perform all operations with the document
Read - read document content
Modify - modify document content, check-in, check-out
Create - create new documents under this document
Delete - delete this document
Destroy - destroy this document (without undo option)
Browse tree - unfold the current document and see its child documents
Modify permissions - change document permissions

 


 

 

Permission inheritance

 

You will typically need to set up permissions for site sections rather than for particular documents. In this case, you grant users permissions on the main section document, such as /products, and these permissions are inherited by all child documents.

 

Example

Consider a site structure like this:

 

Root
    Home
    News
    Products
        Category 1
        Category 2

 

You may want to grant users the following permissions:

 

JohnS

Marketing manager

John can manage all content.

Grant the user the Full control permission on the root, or grant some of this user's roles permissions for the CMS Content module.

MarkJ

Product manager

Mark can manage only the documents in the /Products section.

Grant the user the Browse tree permission on the root so that he can browse to the Products section.

 

Grant the user the Read, Modify, Create, Delete, Destroy and Browse tree permissions on the /Products document. These permissions are inherited by the child documents under the /Products section.

 

Please note that if you click the /Products/Category 1 document, the Browse tree permission is grayed out and disabled. This means the permission is inherited and cannot be removed - you can only deny the permission (unless you break inheritance - see below).

AliceM

Copy writer

Alice can modify the copy of all documents, but Mark prefers to manage the copy of the /Products section himself.

Grant the user the Read, Modify, Create, Delete and Browse tree permissions on the root.

 

Go to the /Products document and deny the Modify, Create and Delete permissions for the user so that Alice cannot modify the copy in the /Products section.

 

Please note: It's recommended that you configure local permissions for roles and then only assign users to the appropriate roles. In this example, you would first create roles "Marketing manager", "Product manager" and "Copy writer" and then configure their permissions.

 

Breaking the inheritance

 

If you need to break the permission inheritance and configure different permissions for a site section, click the Change permission inheritance... link in the Security dialog and choose one of the following options:
 

Break inheritance and copy parent permissions - breaks inheritance and the permissions of the selected document are set to a copy of the original permissions.
Break inheritance and remove parent permissions - breaks inheritance and the permissions of the selected document are cleared.

 

Restoring the inheritance

 

If you decide to inherit the permissions from the parent again, click the Change permission inheritance... link in the Security dialog and then click Restore inheritance to parent document permissions.
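
The following added example is a simplified Python model of the rules described on this page (allow and deny, inheritance, and the two ways of breaking inheritance), applied to the JohnS / MarkJ / AliceM example. It is not Kentico code and does not use the Kentico API. The Doc class and its method names are hypothetical, and it assumes that Full control expands to every listed permission and that a Deny found anywhere in the inherited chain wins.

```python
# Added illustration: a simplified model of the rules on this page, not Kentico code.
PERMS = {"Read", "Modify", "Create", "Delete", "Destroy", "Browse tree", "Modify permissions"}

class Doc:
    def __init__(self, parent=None):
        self.parent, self.inherits = parent, True
        self.allow, self.deny = {}, {}            # user -> permissions set on this document

    def grant(self, user, *perms):
        # Assumption: Full control expands to every permission in PERMS.
        self.allow.setdefault(user, set()).update(PERMS if "Full control" in perms else perms)

    def refuse(self, user, *perms):
        self.deny.setdefault(user, set()).update(perms)

    def collect(self, user):
        """(allowed, denied) set here plus everything inherited from ancestors."""
        allowed, denied = set(self.allow.get(user, ())), set(self.deny.get(user, ()))
        if self.inherits and self.parent:
            a, d = self.parent.collect(user)
            allowed, denied = allowed | a, denied | d
        return allowed, denied

    def effective(self, user, global_perms=()):
        allowed, denied = self.collect(user)
        return (allowed | set(global_perms)) - denied   # Deny overrides global settings too

    def break_inheritance(self, copy_parent):
        users, node = set(), self
        while node:                                # everyone with an entry up the chain
            users |= node.allow.keys() | node.deny.keys()
            node = node.parent if node.inherits else None
        # Copy option: freeze the current permissions; remove option: start empty.
        snapshot = {u: self.collect(u) for u in users} if copy_parent else {}
        self.allow = {u: a for u, (a, d) in snapshot.items()}
        self.deny = {u: d for u, (a, d) in snapshot.items()}
        self.inherits = False

def build_example():
    """Root / Products / Category 1 with the three users from the example above."""
    root = Doc(); products = Doc(root); cat1 = Doc(products)
    root.grant("JohnS", "Full control")
    root.grant("MarkJ", "Browse tree")
    products.grant("MarkJ", "Read", "Modify", "Create", "Delete", "Destroy", "Browse tree")
    root.grant("AliceM", "Read", "Modify", "Create", "Delete", "Browse tree")
    products.refuse("AliceM", "Modify", "Create", "Delete")
    return root, products, cat1
```

In this model, breaking inheritance with the remove option leaves even JohnS with no document-level permissions on that section, which is worth checking for after any inheritance change.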

Page url: http://devnet.kentico.com/docs/devguide/index.html?document_level_permissions.htm