Kentico CMS 7.0 Developer's Guide



Previous topic Next topic Mail us feedback on this topic!  


Previous topic Next topic JavaScript is required for the print function Mail us feedback on this topic!  

The Document library module leverages standard document permissions. The following table explains which permissions are required to perform particular actions in the document library. These permissions can be granted to roles globally for all content or for the CMS.File document type, or to particular users or roles on document-level of the library's parent document or each particular document in the library.








Manage workflow

Modify permissions

UploadNew New document





DocumentLibraryPermissions Library permissions






EditLayout Edit






Update Update






Localize Localize





Clone Copy





Delete_Document Delete






DocumentLibrary_FileOpen Open







WidgetClone Properties






DocumentLibrary_FilePermissions Permissions






View Version history






Approve Submit to approval






Approve Approve2






Delete Reject2






DocumentLibrary_Archive Archive





CheckOut Check out3






CheckIn Check in3






UndoCheckout Undo checkout3







1 The Destroy permission is required for the user to be able to delete particular versions or the whole version history.

2 For these actions to be available, the user must also be in one of the roles that are allowed to approve/reject the document in the current workflow step or have the Manage workflow permissions for all content.

3 These actions are only available if the workflow applied to the document is configured to use check-in/check-out.


Configuring document-level permissions on the live site


Document-level permissions can be configured directly on the live site. They can be configured either globally for the document library's parent document, which results in the permissions being inherited by the child documents in the library, or separately for each particular document in the library. Permissions can be granted to users or roles. Permissions for group document libraries can also be granted to group members and group roles.


The DocumentLibraryPermissions Library permissions action opens a dialog for configuration of the library's parent document permissions, i.e. the permissions that can be inherited by its child documents (the actual documents stored in the library). This dialog is identical to the Permissions section of the CMS Desk -> Content -> Edit -> Properties -> Security dialog for the document. Permissions configured via the web part on the live site will be reflected in this dialog.


By choosing the DocumentLibrary_FilePermissions Permissions action from the context menu of a document in the library, the same dialog gets displayed, while this time, permissions are configured just for the particular document. Here again, the permissions configured on the live site will be reflected in the CMS Desk -> Content -> Edit -> Properties -> Security dialog for the document.




Permissions and workflow


Document libraries reflect workflows applied to documents stored in them. Unless the current user has the Modify permission for a document, the currently published version of the document is always displayed to the user. If the document is currently archived or not published, the document is not displayed to the user at all. If the current user does have the Modify permission, the current version of the document (in the current workflow step) is displayed to them.


Please refer to Content management -> Workflow and versioning for more information on workflows in Kentico CMS.


Allowed file extensions


When uploading a new document into the document library using the UploadNew New document link or updating a document using the Update Update action (both in the context menu and in the WidgetClone Properties dialog), only files with extensions defined in Site Manager -> Settings -> System -> Files -> Upload extensions or in the Allowed extensions property of the FileAttachment field of the CMS.File document type can be uploaded.


Each attempt to upload a file with an extension that is not allowed will result in the error message as displayed in the screenshot below.