Kentico CMS 7.0 Context Help

Permission list

Permission list

Previous topic Next topic Mail us feedback on this topic!  

Permission list

Previous topic Next topic JavaScript is required for the print function Mail us feedback on this topic!  

Here you can assign permissions for chosen modules, document types or custom tables to roles. To do so, you first need to make selection from the following set of drop-down lists:

 

Site - choose the site for which you want to perform the configuration (this option is only available in Site Manger). The (global) option can be selected to configure the permissions of global roles, i.e. those that are not limited to a single site.

Permissions for - using the first drop-down list, choose if you want to configure permissions for a module, a document type or a custom table. Then select the particular module, document type or custom table from the second drop-down list.

Report for user - after choosing a user, a sum of all permissions granted to their roles is displayed in the first line, highlighted in green color. Roles where the selected user is a member are highlighted in yellow color. If you enable the Show only this user's roles check-box, only the yellow roles will be displayed in the matrix.

 

After doing so, you can grant particular permissions to roles using the check-boxes in the permission matrix:

 

allowed - the permission is granted to the role.

denied - the permission is not granted to the role.

 

When performing this task in CMS Desk -> Administration -> Permissions while you are not a global administrator, you may come across the following grayed-out check boxes:

 

alloweddisabled - the permission is granted to the role, while only a global administrator can change it.

denieddisabled - the permission is not granted to the role, while only a global administrator can change it.

 

These grayed-out check-boxes are also accompanied by the globaladmin icon in the heading row of the table, indicating that the permission can only be granted to roles by the global administrator.

 

Document type permissions

 

Document type permissions are applied to a document of the type if no other permissions are set for this particular document in CMS Desk -> Content -> Properties -> Security. The following permissions can be configured for each document type:

 

Read

Allows members of the role to view any document of this type.

Modify

Allows members of the role to edit any document of this type.

Create

Allows members of the role to create documents of this type. With this permission, users must also have the Create document-level permission on parent document under which they want the new document to be created.

Create anywhere

Allows members of the role to create documents of this type anywhere in the content tree, without the need to have the Create document-level permission on the parent document under which they want the new document to be created.

Delete

Allows members of the role to delete any document of this type.

Destroy

Allows members of the role to destroy (delete without the Undo option) any document of this type.

Browse tree

Allows members of the role to see documents found under documents of this type in the content tree.

Modify permissions

Allows members of the role to manage document-level permissions of all document of this type in CMS Desk -> Content -> Edit -> Properties -> Security.

 

These permissions are one of the three levels of document permissions. They are merged with with permissions configured for document types and for particular documents, as described in Developer's Guide -> Development -> Membership -> Permissions -> Document permissions.

 

Custom table permissions

 

The following permissions can be set for each custom table:

 

Create

Allows members of the role to create new records in the table.

Delete

Allows members of the role to delete records from the table.

Modify

Allows members of the role to modify existing records in the table.

Read

Allows members of the role to read data stored in the custom table.

 

Module permissions

 

Most of the modules have the following two permissions:

 

Read

Allows members of the role to access the module's administration interface and view the data in it.

Manage/Modify

Allows members of the role to create, modify and delete data in the module's administration interface.

 

The following modules have different permissions than the two listed above. Click the name of the module to learn about its specific permissions:

 

Bad words

Blogs

Content

Custom tables

Design

E-commerce

Event log

File import

Forms

Newsletters

Project management

Reporting

Staging

Web Analytics