Kentico CMS 7.0 Developer's Guide

Security

Security

Previous topic Next topic Mail us feedback on this topic!  

Security

Previous topic Next topic JavaScript is required for the print function Mail us feedback on this topic!  

The Document library module leverages standard document permissions. The following table explains which permissions are required to perform particular actions in the document library. These permissions can be granted to roles globally for all content or for the CMS.File document type, or to particular users or roles on document-level of the library's parent document or each particular document in the library.

 

Action

Read

Modify

Create

Delete

Destroy

Manage workflow

Modify permissions

UploadNew New document

 

 

 

 

DocumentLibraryPermissions Library permissions

 

 

 

 

 

EditLayout Edit

 

 

 

 

 

Update Update

 

 

 

 

 

Localize Localize

 

 

 

 

Clone Copy

 

 

 

 

Delete_Document Delete

 

 

 

 

 

DocumentLibrary_FileOpen Open

 

 

 

 

 

 

WidgetClone Properties

 

 

 

 

 

DocumentLibrary_FilePermissions Permissions

 

 

 

 

 

View Version history

 

 

1

 

 

Approve Submit to approval

 

 

 

 

 

Approve Approve2

 

 

 

2

 

Delete Reject2

 

 

 

2

 

DocumentLibrary_Archive Archive

 

 

 

 

CheckOut Check out3

 

 

 

 

 

CheckIn Check in3

 

 

 

 

 

UndoCheckout Undo checkout3

 

 

 

 

 

 

1 The Destroy permission is required for the user to be able to delete particular versions or the whole version history.

2 For these actions to be available, the user must also be in one of the roles that are allowed to approve/reject the document in the current workflow step or have the Manage workflow permissions for all content.

3 These actions are only available if the workflow applied to the document is configured to use check-in/check-out.

 

Configuring document-level permissions on the live site

 

Document-level permissions can be configured directly on the live site. They can be configured either globally for the document library's parent document, which results in the permissions being inherited by the child documents in the library, or separately for each particular document in the library. Permissions can be granted to users or roles. Permissions for group document libraries can also be granted to group members and group roles.

 

The DocumentLibraryPermissions Library permissions action opens a dialog for configuration of the library's parent document permissions, i.e. the permissions that can be inherited by its child documents (the actual documents stored in the library). This dialog is identical to the Permissions section of the CMS Desk -> Content -> Edit -> Properties -> Security dialog for the document. Permissions configured via the web part on the live site will be reflected in this dialog.

 

By choosing the DocumentLibrary_FilePermissions Permissions action from the context menu of a document in the library, the same dialog gets displayed, while this time, permissions are configured just for the particular document. Here again, the permissions configured on the live site will be reflected in the CMS Desk -> Content -> Edit -> Properties -> Security dialog for the document.

 

devguide_clip1382

 

Permissions and workflow

 

Document libraries reflect workflows applied to documents stored in them. Unless the current user has the Modify permission for a document, the currently published version of the document is always displayed to the user. If the document is currently archived or not published, the document is not displayed to the user at all. If the current user does have the Modify permission, the current version of the document (in the current workflow step) is displayed to them.

 

Please refer to Content management -> Workflow and versioning for more information on workflows in Kentico CMS.

 

Allowed file extensions

 

When uploading a new document into the document library using the UploadNew New document link or updating a document using the Update Update action (both in the context menu and in the WidgetClone Properties dialog), only files with extensions defined in Site Manager -> Settings -> System -> Files -> Upload extensions or in the Allowed extensions property of the FileAttachment field of the CMS.File document type can be uploaded.

 

Each attempt to upload a file with an extension that is not allowed will result in the error message as displayed in the screenshot below.

 

devguide_clip1463