You may assign permissions in dotCMS in two different ways:
- Assign permissions to a user or Role, granting rights to access selected Sites, folders, or the System Host.
- Assign permissions to a Site, folder, or object, giving specific users and/or Roles rights to the object.
These are two different views of the same permissions. Although the way the permissions are displayed and assigned using each method is different, the permissions are the same, and the permissions you assign using one method will display (and can be changed) when you view the permissions using the other method.
Assigning Permissions to Users and Roles
When you apply permissions to a user or Role, rights are granted by selecting a Site or folder, and then applying permissions to the Site or folder itself, and specific types of objects within and below the Site or folder.
Each object rights are granted for is displayed in a highlighted row. When you click on any object row, the view expands to show a matrix of permissions for different object types within the parent object (the selected row).
Assigning Permissions to Sites, Folders, and Objects
When you apply permissions to a Site, folder, or object, rights are granted by selecting a user or Role, and then applying permissions to the selected user or Role for the object (Site, folder, etc.) whose permissions are being viewed.
Each user or Role that has rights to the object being viewed is displayed in a highlighted row.
- Sites and folders: When you click a row, the view expands to show a matrix of permissions that the selected user or Role has for different object types within the Site or folder being viewed.
- Other Objects: You may apply permissions for each user or Role to the object by selecting the appropriate check boxes within the highlighted row.
User and Role Permissions Matrix
User and Role permissions are assigned via an object “matrix” that allows you to assign specific rights to specific objects and/or types of objects.
When assigning Permissions, the level of rights granted to a user or role are displayed in columns, and the objects the rights are granted to are in rows. Checking a box grants the user or Role only the rights in the matching column for only the objects in the matching row.
Rights to Grant
The following lists all the possible rights that may be granted to different objects in dotCMS. Note, however, that not all rights are available for all types of objects; checkboxes will be displayed next to a row only when the rights in that column can be applied to that type of object.
|Rights Column||Permissions Granted|
|View||View the Site or folder in the Site Browser, or when selecting from a Site or Folder field on content.|
|Add Children||Add objects within a Host (at the top level) or folder.|
|Edit||Modify an object (but not publish “live” changes to the Site).|
|Publish||Publish objects so that they appear on the live (front-end) Site.|
|Edit Permissions||Change the Permissions settings for the object(s) (both for their own user account and for other users and Roles).|
(only on All Sites)
|Add and edit Vanity URLs (for all Sites on your dotCMS instance).|
Object Type(s) to Grant Rights for
The following table lists all the object types that you can grant a user or Role rights to, and where these rights apply (which levels of the Site and folder hierarchy allow you to assign rights to these types of objects).
|Object Type||Applies To||Objects Rights are Applied To|
both top-level folders (directly under a Site) and sub-folders
|Standard (Template Designer) Templates|
|Content Types||All Sites,|
The Cascade Changes option applies the Permissions changes you've made to both the object whose permissions were changed and all objects below that object in the dotCMS Site and folder hierarchy. This includes child objects (top-level folders of a Site or Pages, files, folders, and content within a folder), grandchild objects (all objects within subfolders), etc.
Do not select the Cascade Changes option unless you are sure you know what you're doing, and you're sure you need it in order for your Permissions to work as expected.
- This option will remove any individually set permissions on all objects below the selected object (including child objects, grand-child objects, etc.), and should only be used when necessary.
- For example, changing permissions for “All Hosts” and cascading changes will overwrite permission settings on every Site.
If you are unsure whether or not you need to cascade changes, update Permissions first without setting the Cascade Changes option and check to see if your users have the access they need. If your users can't access objects as needed, you can later go back and re-apply the permissions with the Cascade Changes selected (after verifying that cascading changes will not remove any individually applied lower level obect permissions).