Permissions for particular document types
Document type permissions allow limiting access to and operations with documents in the content tree. These permissions are assigned to roles in Administration -> Permissions, by selecting Permission type: Document types and choosing the document type from the Permission matrix drop-down list. All documents of a type will have access limited by the permissions configured for the document type.
You can assign roles with the following permissions:
• | Read - read all documents of this type |
• | Create - create documents of this type |
• | Modify - modify all documents of this type |
• | Delete - delete all documents of this type |
• | Destroy - destroy all documents of this type |
• | Browse tree - display child documents of all documents of this type |
• | Modify permissions - manage local permissions of all documents of this type |
Permissions for all content
There is also a special permission matrix for controlling access to all documents within the content tree. It is the Permission type: Modules, Permission matrix: Content matrix. These permissions are then mixed the permissions configured for particular document types.
You can set the following permissions for all content:
• | Browse tree - allows members of the role to browse the content tree; if not assigned, the Content tab may not be displayed (unless the role has the Read permission for the CMS.Root document type or for the Root document (on document-level)) |
• | Check in any document - authorizes user to perform the Check in or Undo checkout actions on the Properties -> Versions tab of a document |
• | Create - allows members of the role to create any document in the content tree |
• | Delete - allows members of the role to delete any document in the content tree |
• | Design web site - allows members of the role to access the Design tab; please note: although the user can make the changes only to the current web site, the changes may affect other web sites if he modifies a page template shared among multiple web sites |
• | Destroy - allows members of the role to destroy any document (delete without undo option) |
• | Manage workflow - allows members of the role to approve/reject any document at any workflow step |
• | Modify - allows members of the role to modify any document in the content tree |
• | Modify permissions - manage local permissions of any document |
• | Read - allows members of the role to view any document in the content tree |
Document-level permissions
You can also set permissions on a document level directly in the content tree. These permissions are combined with global permissions for all content (the Content module) and global permissions for document types. Document-level permissions are described in detail on the following page.
Page url: http://devnet.kentico.com/docs/devguide/index.html?document_type_permissions.htm