Permissions Overview documentation for the dotCMS Content Management System

This document provides an overview and summary of dotCMS Permissions. This document is not a substitute for the full Permissions documentation, and if you are not familiar with Permissions in dotCMS it is strongly recommended that you read through the Permissions documentation in full. However, this can be a useful guide for evaluating what level of control dotCMS Permissions provide you, and a helpful reminder (or “cheat sheet”) for those who are experienced with dotCMS.

Object Permissions

  • Every object in dotCMS has its own permissions.
    • This includes all objects from the site itself down to each individual piece of content.
  • Roles and Users
    • Permissions can be assigned to each object for Roles, individual users, or both.
  • Inheritance
    • By default, all objects inherit permissions from the folder they are located in or the Content Type they are an instance of.
      • This continues all the way down to individual content, so by default all individual content items inherit permissions - through their parent objects, grandparent objects, etc. - from the Site.
    • The inheritance of any object may be “broken” by permissioning the object individually.
      • If an object is permissioned individually, any child objects it has will continue inheriting their permissions from that object (unless they are also permissioned individually).
    • Note that Content Types themselves have a location (a Site or Folder) and by default inherit from that location as well.
      • So for purposes of Permissions, a Content Type can be thought of almost as a folder which contains all the content of that Content Type.

Locations

Objects can be contained within three types of locations:

  • Site
    • Can contain Pages, files, folders, and individual content items for some Content Types.
  • Folder
    • Can contain Pages, files, folders, and individual content items for some Content Types.
  • Content Type
    • Although a Content Type is not a folder, for purposes of Permissions it can behave similarly to a folder, because content of the Content Type inherits permissions from the Content Type. The general rule is:
      • If a Content Type does have a Site or Folder field, then content of that Content Type inherits Permissions from the Site or Folder where the individual content item is located.
      • If a Content Type does not have a Site or Folder field, then content of that Content Type inherits permissions from the Content Type.
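
The inheritance rules from Object Permissions and Locations, written as a small model for checking which object actually supplies the permissions on a given item. This is an added example, not dotCMS code: the `Node` class, its fields, and the sample site, folder, role and content names are assumptions, and the right names are those listed under Assignable Rights.

```python
# Simplified model of the inheritance rules described above. Added example,
# not dotCMS code: class, field, role and object names are assumptions.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Node:
    name: str
    kind: str                              # "site", "folder", "content_type" or "content"
    location: Optional["Node"] = None      # Site or Folder the object is located in
    content_type: Optional["Node"] = None  # set for content items only
    has_location_field: bool = False       # Content Type has a Site or Folder field
    own: Optional[dict] = None             # role -> rights; None means "inheriting"

    def parent(self) -> Optional["Node"]:
        """Object this one inherits from while it is not individually permissioned."""
        if self.kind == "content" and not self.content_type.has_location_field:
            return self.content_type       # no Site/Folder field: inherit from the type
        return self.location               # otherwise inherit from the location


def effective(node: Node):
    """Return (name, role -> rights) of the nearest individually permissioned object."""
    cur = node
    while cur is not None:
        if cur.own is not None:
            return cur.name, cur.own
        cur = cur.parent()
    raise ValueError(f"{node.name}: no permissioned ancestor (the Site must be one)")


def can(node: Node, role: str, right: str) -> bool:
    return right in effective(node)[1].get(role, set())


# Constructed sample tree: /press breaks inheritance and drops the Editor role.
site = Node("demo-site", "site", own={"Editor": {"View", "Edit"},
                                      "Publisher": {"View", "Edit", "Publish"}})
press = Node("/press", "folder", site, own={"Publisher": {"View", "Edit", "Publish"}})
archive = Node("/press/archive", "folder", press)            # inherits from /press
news_type = Node("News", "content_type", site, has_location_field=True)
banner_type = Node("Banner", "content_type", site, own={"Editor": {"View"}})
article = Node("article-1", "content", archive, news_type)   # follows its folder
banner = Node("banner-1", "content", None, banner_type)      # follows its Content Type

if __name__ == "__main__":
    for obj in (article, banner, news_type):
        print(obj.name, "<-", effective(obj)[0])
```

In the sample, `article-1` takes its permissions from `/press` two levels up, so permissioning that folder individually changes access for everything beneath it, while `banner-1` is governed by its Content Type.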

Assignable Rights

Each Role or User may be given rights to perform the following types of actions on objects:

| Right | Description |
|---|---|
| View | View the object (on both the front-end and back-end) and view the object's properties (on the back-end or via code) |
| Add Children | Create new objects within the location (a folder or Content Type) |
| Edit | Modify existing objects (including objects created by other users) |
| Publish | Publish and unpublish objects |
| Edit Permissions | Edit Permissions on objects |

Assignable Object Types

Rights can be assigned for the following types of objects in each location:

| Object Type | Available For | Description | | Sites | All Sites | Folders | Containers | Templates | Template-Layouts | Pages | Links | Content Types | Content/Files | Category | Rules