Permissions for access to documents can be configured at three levels:
|1.||Permissions for all content - granted to roles|
|2.||Permissions for document types - granted to roles|
|3.||Document-level permissions - granted to roles or individual users|
Permissions from these three levels are merged together when checking if a user is a permitted to perform an action with a document. For example, to read a document, a user must have the Read permission on at least one of the three levels: either on document-level, or for the document's document type, or for all content.
Permissions for all content
In Site Manger -> Administration -> Permissions, there is a special permission matrix for controlling access to all documents within the content tree. It is the Modules -> Content permission matrix.
The following global permissions can be granted to particular roles:
|•||Read - allows members of the role to view any document in the content tree|
|•||Modify - allows members of the role to modify any document in the content tree|
|•||Check in any document - authorizes user to perform the Check in or Undo check-out actions on the Properties -> Versions tab of a document|
|•||Create - allows members of the role to create any document in the content tree|
|•||Delete - allows members of the role to delete any document in the content tree|
|•||Manage workflow - allows members of the role to approve/reject any document at any workflow step|
|•||Destroy - allows members of the role to destroy any document (delete without undo option)|
|•||Modify permissions - manage local permissions of any document|
|•||Browse tree - allows members of the role to browse the content tree; if not assigned, the Content tab may not be displayed (unless the role has the Read permission for the CMS.Root document type or for the Root document (on document level))|
|•||Design website - allows members of the role to access the Design tab; please note: although users can make changes only to the current website, the changes may affect other websites if they modify a page template shared among multiple websites|
Permissions for document types
Document type permissions allow control of access to all documents of a particular document type in the content tree. These permissions are assigned to roles in Administration -> Permissions, by selecting Permission type: Document types and choosing the document type from the Permission matrix drop-down list. All documents of a type will have access limited by the permissions configured for the document type.
You can grant the following document type permissions to particular roles:
|•||Read - read all documents of this type|
|•||Create - create documents of this type|
|•||Modify - modify all documents of this type|
|•||Delete - delete all documents of this type|
|•||Destroy - destroy all documents of this type|
|•||Browse tree - display child documents of all documents of this type|
|•||Modify permissions - manage local permissions of all documents of this type|
You can also configure permissions on document level, directly in the content tree. These permissions are merged with global permissions for all content (the Content module) and global permissions for document types. Document-level permissions are described in detail on the following page.