Assigning Permissions - Documentation topics on: object permissions,role permissions,user permissions,.

This documentation is a static copy for this version. For current documentation, see:

Assigning Permissions

You may assign permissions in dotCMS in two different ways:

These are two different views of the same permissions. Although the way the permissions are displayed and assigned using each method is different, the permissions are the same, and the permissions you assign using one method will display (and can be changed) when you view the permissions using the other method.

Assigning Permissions to Users and Roles

You may assign permissions to users via the Users screen and you may assign permissions to Roles via the Roles & Tools screen.

When you apply permissions to a user or Role, rights are granted by selecting a Site or folder, and then applying permissions to the Site or folder itself, and specific types of objects within and below the Site or folder.

Each object rights are granted for is displayed in a highlighted row. When you click on any object row, the view expands to show a matrix of permissions for different object types within the parent object (the selected row).

Assigning Permissions to Sites, Folders, and Objects

You may assign permissions directly to individual Sites, folders, and objects by accessing the object(s) in the Site Browser or the Content Search screen.

When you apply permissions to a Site, folder, or object, rights are granted by selecting a user or Role, and then applying permissions to the selected user or Role for the object (Site, folder, etc.) whose permissions are being viewed.

Each user or Role that has rights to the object being viewed is displayed in a highlighted row.

  • Sites and folders: When you click a row, the view expands to show a matrix of permissions that the selected user or Role has for different object types within the Site or folder being viewed.
  • Other Objects: You may apply permissions for each user or Role to the object by selecting the appropriate check boxes within the highlighted row.

User and Role Permissions Matrix

User and Role permissions are assigned via an object “matrix” that allows you to assign specific rights to specific objects and/or types of objects.

When assigning Permissions, the level of rights granted to a user or role are displayed in columns, and the objects the rights are granted to are in rows. Checking a box grants the user or Role only the rights in the matching column for only the objects in the matching row.

Rights to Grant

The following lists all the possible rights that may be granted to different objects in dotCMS. Note, however, that not all rights are available for all types of objects; checkboxes will be displayed next to a row only when the rights in that column can be applied to that type of object.

Rights ColumnPermissions Granted
ViewView the Site or folder in the Site Browser, or when selecting from a Site or Folder field on content.
Add ChildrenAdd objects within a Host (at the top level) or folder.
EditModify an object (but not publish “live” changes to the Site).
PublishPublish objects so that they appear on the live (front-end) Site.
Edit PermissionsChange the Permissions settings for the object(s) (both for their own user account and for other users and Roles).
Vanity URLs
(only on All Sites)
Add and edit Vanity URLs (for all Sites on your dotCMS instance).

Object Type(s) to Grant Rights for

The following table lists all the object types that you can grant a user or Role rights to, and where these rights apply (which levels of the Site and folder hierarchy allow you to assign rights to these types of objects).

Object TypeApplies ToObjects Rights are Applied To
SitesAll Sites
FoldersAll Sites,
both top-level folders (directly under a Site) and sub-folders
ContainersAll Sites,
TemplatesAll Sites,
Advanced Templates
Template-LayoutsAll Sites,
Standard (Template Designer) Templates
PagesAll Sites,
LinksAll Sites,
Menu Links
Content TypesAll Sites,
Content Types
Content/FilesAll Sites,
Content items
CategoryAll Sites
RulesAll Sites,

Cascade Changes

The Cascade Changes option applies the Permissions changes you've made to both the object whose permissions were changed and all objects below that object in the dotCMS Site and folder hierarchy. This includes child objects (top-level folders of a Site or Pages, files, folders, and content within a folder), grandchild objects (all objects within subfolders), etc.


Do not select the Cascade Changes option unless you are sure you know what you're doing, and you're sure you need it in order for your Permissions to work as expected.

  • This option will remove any individually set permissions on all objects below the selected object (including child objects, grand-child objects, etc.), and should only be used when necessary.
  • For example, changing permissions for “All Hosts” and cascading changes will overwrite permission settings on every Site.

If you are unsure whether or not you need to cascade changes, update Permissions first without setting the Cascade Changes option and check to see if your users have the access they need. If your users can't access objects as needed, you can later go back and re-apply the permissions with the Cascade Changes selected (after verifying that cascading changes will not remove any individually applied lower level obect permissions).