|
Security |
|
|
|
|
|
Security |
|
|
|
|
The Document library module leverages standard document permissions. The following table explains which permissions are required to perform particular actions in the document library. These permissions can be granted to roles globally for all content or for the CMS.File document type, or to particular users or roles on document-level of the library's parent document or each particular document in the library.
Action |
Read |
Modify |
Create |
Delete |
Destroy |
Manage workflow |
Modify permissions |
|
• |
• |
• |
|
|
|
|
|
• |
|
|
|
|
|
• |
|
• |
• |
|
|
|
|
|
|
• |
• |
|
|
|
|
|
|
• |
• |
• |
|
|
|
|
|
• |
• |
• |
|
|
|
|
|
• |
|
|
• |
|
|
|
|
• |
|
|
|
|
|
|
|
• |
• |
|
|
|
|
|
|
• |
|
|
|
|
|
• |
|
• |
• |
|
|
1 |
|
|
|
• |
• |
|
|
|
|
|
|
• |
• |
|
|
|
2 |
|
|
• |
• |
|
|
|
2 |
|
|
• |
• |
|
|
|
• |
|
|
• |
• |
|
|
|
|
|
|
• |
• |
|
|
|
|
|
|
• |
• |
|
|
|
|
|
1 The Destroy permission is required for the user to be able to delete particular versions or the whole version history.
2 For these actions to be available, the user must also be in one of the roles that are allowed to approve/reject the document in the current workflow step or have the Manage workflow permissions for all content.
3 These actions are only available if the workflow applied to the document is configured to use check-in/check-out.
Configuring document-level permissions on the live site
Document-level permissions can be configured directly on the live site. They can be configured either globally for the document library's parent document, which results in the permissions being inherited by the child documents in the library, or separately for each particular document in the library. Permissions can be granted to users or roles. Permissions for group document libraries can also be granted to group members and group roles.
The 
Library permissions action opens a dialog for configuration of the library's parent document permissions, i.e. the permissions that can be inherited by its child documents (the actual documents stored in the library). This dialog is identical to the Permissions section of the CMS Desk -> Content -> Edit -> Properties -> Security dialog for the document. Permissions configured via the web part on the live site will be reflected in this dialog.
By choosing the 
Permissions action from the context menu of a document in the library, the same dialog gets displayed, while this time, permissions are configured just for the particular document. Here again, the permissions configured on the live site will be reflected in the CMS Desk -> Content -> Edit -> Properties -> Security dialog for the document.
Permissions and workflow
Document libraries reflect workflows applied to documents stored in them. Unless the current user has the Modify permission for a document, the currently published version of the document is always displayed to the user. If the document is currently archived or not published, the document is not displayed to the user at all. If the current user does have the Modify permission, the current version of the document (in the current workflow step) is displayed to them.
Please refer to Development -> Workflow and versioning for more information on workflows in Kentico CMS.
Allowed file extensions
When uploading a new document into the document library using the 
New document link or updating a document using the 
Update action (both in the context menu and in the 
Properties dialog), only files with extensions defined in Site Manager -> Settings -> Files -> Upload extensions or in the Allowed extensions property of the FileAttachment field of the CMS.File document type can be uploaded.
Each attempt to upload a file with an extension that is not allowed will result in the error message as displayed in the screenshot below.
Page url: http://devnet.kentico.com/docs/5_5r2/devguide/index.html?document_library_security.htm
