The dotCMS permission system enables you to control user access to all dotCMS content and backend functionality through the use of both individual user permissions and Roles assigned to each user.
Access to Content
Each user may only access content or objects in a particular way if they have been assigned a user role that provides the appropriate type of access to that content, or individually granted access to that object. Since permissions provide for many different types of access (e.g. View, Add, Edit, Publish, etc.), you can provide detailed access control to all types of content including simple Content, Content Types, folders and files, Pages, Categories, and more.
To simplify the use of permissions, dotCMS allows you to implement permission inheritance. Child objects may be configured to automatically inherit the permissions of their parent objects, so any new content created in a particular folder automatically receives appropriate permissions.
Using permission inheritance, you can configure your site to automatically assign appropriate permissions to new content. By avoiding the need to permission each object individually, you can allow your content contributors to create content without being concerned about (or aware of) permissions.
Access to Back-end Tools
Role permissions also define which tools a user will be able to see when logging into the back-end. As a result, users with different roles will have a customized backend user experience and see only the tools and dotCMS objects they need to work with and are authorized for. Back-end permissions are completely customizable and access to back-end tools and objects can be changed at any time.
The following examples show typical back-end views for users with different permissions based on the user's assigned roles:
Typical CMS Administrator view of the dotCMS backend
Typical Content Contributor view of the dotCMS backend
It is highly recommended that all administrators familiarize themselves with the following documentation sections before attempting sitewide Permissions setup for users or objects: