File-Specific Permissions

In addition to global permissions, the Content Management Server also has file-specific permissions. These permissions can be granted for each file and determine the authorizations that the members of user groups have with regard to the file. For example, a user must have administration permission for a file to be able to delete it; to be able to change the field values of its draft version, the user requires write permission.

File-specific permissions cannot be granted to individual users but only to user groups. The following permissions can be granted for each file:

  • File Administration (permissionRoot)
    Users to whom this permission has been granted possess all authorizations. The administration permission is required to delete, rename or move files, as well as to unrelease them. As the administrator of a file, you have permission to release it regardless of its workflow status and to sign it in the verification phase even if you are not a member of the user group designated to do so.
  • Read File (permissionRead)
    All access to the file that does not change it.
  • Edit Version (permissionWrite)
    Create a new draft version or edit a draft version (this also includes modifying field values).
  • Create Subfiles (permissionCreateChildren)
    This permission can only be granted for folders. The permission allows its possessor to create subfiles.
  • Read Live Version (permissionLiveServerRead)
    This permission can be used in conjunction with the Portal Manager. Among other features, this CMS component provides document-specific access permissions for the visitors of your website. The groups to which this permission can be granted may be different from those for the other permissions, if this has been configured accordingly by the administrator. If the Read Live Version permission of a file has been assigned to at least one user group, only the respective group members are permitted to access the document concerned. Otherwise, all visitors may access it.

Whether a user can create a file in a folder depends both on their file-specific permissions in the folder and on their global permissions. First, the user needs the file creation permission (Create Subfiles) in the folder. Users are automatically given this permission if they have administration permission in the folder. If a particular global permission is required to use the format on which the new file is to be based, then the user also requires this permission. Users with global administration permission may use any format.

When a user creates a new file, the same access permissions apply to this file as to the folder containing it: the file inherits the permissions of its folder. If these permissions do not include read and write permissions, the Content Management Server grants the missing file-specific permissions to the user's default group.

Permissions are not inherited retroactively. If, for example, a user is granted the administration permission for the folder containing a file, the permissions the user has with regard to this file remain unaffected by this measure.
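
The creation check, the one-time inheritance and the Read Live Version rule described above, modelled in Python. This is an added example, not code from the Content Management Server or its API. The class and function names, the group names and the GLOBAL_ADMIN placeholder are assumptions, as is the reading that "missing" read and write permissions means missing for the creating user.

```python
# Model of the rules on this page; not the Content Management Server's API.
ROOT, READ, WRITE = "permissionRoot", "permissionRead", "permissionWrite"
CREATE, LIVE = "permissionCreateChildren", "permissionLiveServerRead"
GLOBAL_ADMIN = "GLOBAL-ADMIN-PLACEHOLDER"  # assumed name; the page gives none

class Node:
    def __init__(self, name, is_folder=False, perms=None):
        self.name, self.is_folder = name, is_folder
        # permission -> set of group names (groups only, never single users)
        self.perms = {p: set(g) for p, g in (perms or {}).items()}

def has(node, groups, perm):
    """True if one of the groups holds perm; permissionRoot covers all of them."""
    holders = node.perms.get(perm, set()) | node.perms.get(ROOT, set())
    return bool(holders & set(groups))

def can_create(folder, groups, global_perms, format_requires=None):
    """Folder-level check, then the global permission the format may demand."""
    if not folder.is_folder or not has(folder, groups, CREATE):
        return False
    if format_requires is None or GLOBAL_ADMIN in global_perms:
        return True
    return format_requires in global_perms

def create_file(folder, name, groups, default_group, global_perms=(), format_requires=None):
    if not can_create(folder, groups, global_perms, format_requires):
        raise PermissionError(f"{name}: creation denied in {folder.name}")
    # One-time copy of the folder's permissions; later folder changes do not
    # reach the file. permissionCreateChildren is folder-only, so it is dropped.
    inherited = {p: g for p, g in folder.perms.items() if p != CREATE}
    child = Node(name, perms=inherited)
    for perm in (READ, WRITE):  # assumed reading: "missing" = missing for the creator
        if not has(child, groups, perm):
            child.perms.setdefault(perm, set()).add(default_group)
    return child

def live_visible(node, visitor_groups):
    """No group assigned: every visitor may read. Otherwise members only."""
    allowed = node.perms.get(LIVE, set())
    return not allowed or bool(allowed & set(visitor_groups))

def demo():
    # Constructed sample data: group and file names are made up.
    folder = Node("news", is_folder=True, perms={CREATE: {"editors"}, READ: {"staff"}})
    doc = create_file(folder, "item1", ["editors"], default_group="editors")
    folder.perms.setdefault(ROOT, set()).add("leads")  # granted after creation
    return folder, doc
```

When auditing a real tree, the last case in demo() is the one to watch: a group added as folder administrator afterwards gains nothing on files that already exist, so each file's own permission list has to be reviewed.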