In addition to global permissions, the Content Management Server also has file-specific permissions. These permissions can be granted for each file and determine the authorizations that the members of user groups have with regard to the file. For example, a user must have administration permission for a file to be able to delete it; to be able to change the field values of its draft version, the user requires write permission.
File-specific permissions cannot be granted to individual users but only to user groups. The following permissions can be granted for each file:
permissionRoot
)permissionRead
)permissionWrite
)permissionCreateChildren
)permissionLiveServerRead
)Whether a user can create a file in a folder depends both on their file-specific permissions in the folder and their global permissions. First, the user needs file creation permission in the folder. Users are automatically given this permission if they have administration permission in the folder. If a particular global permission is required to use the format on which the new file is to be based, then the user also requires this permission. Users with global administration permission may use any format.
If a user should be able to create a new file, the same access permissions apply for this file as for the folder containing it. The file inherits the permissions of its folder. If these permissions do not include read and write permissions, the Content Management Server grants the missing file-specific permissions to the user's default group.
Permissions are not inherited retroactively. If, for example, a user is granted the administration permission for the folder containing a file, the permissions the user has with regard to this file remain unaffected by this measure.