This dialog allows you to set document-level permissions. These permissions add up with global permissions (for CMS Content module and for particular document types) specified in the Administration module - see Administration Overview.
The user is allowed to read, modify, etc. given document if at least one condition is fulfilled:
The user is member of at least one of the roles that were granted with global permissions for CMS Content module in the Administration module.
The user is member of at least one of the roles that were granted with global permissions for appropriate document type (such as "Article") in the Administration module.
The user or one of the roles the user is member of were granted with document-level "allow" permission for given document. The user or one of the roles the user is member of were NOT granted with document level "deny" permission for given document.
Please note: the Deny permission on the document level does not override the global permissions.
Document-level Permissions
Document-level permissions are very similar to the file system permissions in the Windows NTFS file system. Every document has some Access Control list that contains list of users and roles and their permissions for the given document. The document can also inherit permissions from the parent document(s).
Adding and Removing Users and Roles
You can add or remove users and roles using the Add and Remove buttons. In case the user or role is inherited from the parent document, you cannot remove it in the child document.
Setting permissions
Click on the user or role in the list. The current permissions will be displayed in the Permissions section.
Now you can allow
or deny permission for selected user or role. The Full
Control checkbox checks or un-checks all boxes in the column. Full
Control is actually not a real permission.
Please note that the inherited permissions
are disabled - you cannot modify them. You can only deny permission
on the child document (if it's not denied at the parent document yet).
If you need to completely change the inherited permissions, you may need
to break inheritance (see below).
Click OK to save changes made in the Permissions section.
Standard Document-Level Permissions
Users and roles can be assigned with the following permissions:
Read |
Allows users to read document and its history. |
Modify |
Allows users modify, check out, check in and submit to approval the document. |
Create |
Allows users to create child documents under current document. |
Delete |
Allows users to delete the current document. |
Destroy |
Allows users to destroy the current document. |
Unfold tree |
Allows users to unfold selected document and list its direct child documents. |
Modify permissions |
Allows users to modify permissions for the current document. |
Permission Inheritance
Permission inheritance allows you to inherit permissions from the parent document(s). The inherited permissions cannot be modified (if they're already checked on the parent document). However, you can override the inherited permissions by adding new permissions or denying inherited permissions. You can also add new user or role to the inherited permissions (of the child document).
Breaking Permission Inheritance
If you need to make significant changes to the inherited permissions of the child document, you may need to break permission inheritance. You can do that by clicking on the Change permission inheritance... link and choosing one of the following options:
Break inheritance
and copy parent permissions
- the inheritance will be broken and the selected document will have
its own copy of the parent permissions.
Break inheritance
and remove parent permissions
- the inheritance will be broken and the selected document will not
have any permissions assigned.
Restoring Permission Inheritance
If you have previously broken the permission inheritance, you can restore it by clicking the Change permission inheritance... link and choosing the option Restore inheritance to parent document permissions. In this case, the permissions of the current document will be combined with permissions of the parent document.