Kentico CMS 6.0 Developer's Guide

Document-level permissions

Document-level permissions

 Previous topic Next topic Mail us feedback on this topic!  

Document-level permissions

 Previous topic Next topic JavaScript is required for the print function Mail us feedback on this topic!  

You can manage document-level permissions (i.e. permissions for a particular document or a particular website section) in CMS Desk -> Content -> Edit -> Properties -> Security. Select the appropriate user or role in the left box. If the user or role is not available in the box, you may need to add them using the Add users or Add roles button. Now you can choose if the permissions should be allowed or denied:

 

Allow - the action will be allowed to the user or role.

Deny - the action will not be allowed even if the user or role has the permission assigned on a global level. I.e. the Deny option overrides settings for this permission on the other two levels.

 

The following permissions can be allowed or denied:

 

Full control

Allows the user or members of the role to perform any action with this document.

Read

Allows the user or members of the role to view this document.

Create

Allows the user or members of the role to create new documents under this document.

Modify

Allows the user or members of the role to edit this document.

Delete

Allows the user or members of the role to delete this document.

Destroy

Allows the user or members of the role to destroy (delete without the Undo option) this document.

Browse tree

Allows the user or members of the role to see documents found under this document in the content tree.

Modify permissions

Allows the user or members of the role to manage document-level permissions of this document in CMS Desk -> Content -> Edit -> Properties -> Security.

 

devguide_clip0824

 

Permission inheritance

 

You will typically need to set up permissions for site sections rather than for particular documents. In this case, you can grant permissions for the section's parent document and inherit them by all child documents.

 

Example

 

Consider a website structure like this:

 

Root

Home

News

Products

Category 1

Category 2

 

You may want to grant the following permissions to the users:

 

JohnS

Marketing manager

John can manage all content.

Grant the Full control permission on the root to the user or grant permissions for the CMS Content module to some of this user's roles.

MarkJ

Product manager

Mark can manage only the documents in the /Products section.

Grant the Browse tree permission on the root to the user so that they can browse the Products section.

 

Grant the Read, Modify, Create, Delete, Destroy and Browse tree permissions on the /Products document to the user. These permissions are inherited by all child documents under the /Products section.

 

Please note that if you click the /Products/Category 1 document, the Browse tree permission is grayed and disabled. It means that this permission is inherited and cannot be removed - you can only deny the permission (unless you break inheritance - see below).

AliceM

Copy writer

Alice can modify the copy of all documents, but Mark prefers to manage the copy of the /Products section by himself only.

Grant the Read, Modify, Create, Delete and Browse tree permissions for the root to the user.

 

Go to the /Products document and deny the Modify, Create, Delete permissions to the user so that Alice cannot modify the copy in the /Products section.

 

Please note: It's recommended that you configure local permissions for roles and then only assign users to the appropriate roles. In this example, you would first create roles "Marketing manager", "Product manager" and "Copy writer" and then configure their permissions.

 

Copying permissions along with documents

 

If you copy, move or link a document, its permissions can be transferred along with it. You only need to enable the Copy/Preserve document permissions option in the Copy/move/link document dialog. This applies only to permissions configured for the particular document - parent or inherited permissions are not transferred. If you leave the option disabled, the copy will inherit permissions from its parent in the target location.

 

devguide_clip1637

 

Changing permission inheritance

 

In case you need to break permission inheritance and configure different permissions for some site section, you need to click Change permission inheritance... link in the Security dialog.
 

devguide_clip1638

 

If permissions are inherited by the current document, the following two options will be offered:

 

Break inheritance and copy parent permissions - breaks inheritance and adds parent permissions to the document, while original permissions configured for the document are preserved.

Break inheritance and remove parent permissions - breaks inheritance and removes all permissions inherited from the parent, while additional permissions configured for the document are preserved.

 

devguide_clip1639

 

If you decide to inherit the permissions from the parent again, click the Change permission inheritance... link again. This time, the following two options will be offered:

 

Restore inheritance to parent document permissions (current document only) - makes the current document inherit permissions of the parent document.

Recursively restore inheritance to parent document permissions (current and all child documents) - makes the current document and all its child documents inherit permissions of the parent document, while only documents which do not inherit parent permissions are affected by this action.

 

devguide_clip1640