Page-level permissions (ACLs)

Development model: MVC Portal Engine
Copy to clipboard

You can manage page-level permissions (i.e., permissions for a particular page or a particular website section) in the Pages application on the Properties -> Security tab. Select the appropriate user or role in the box and choose if the permissions are allowed or denied:

  • Allow – the action is allowed for the user or role.
  • Deny – the action is not allowed even if the user or role has the permission assigned on a global level. The Deny option overrides settings for this permission on the other two levels.

Configuring page-level permissions

The following permissions can be allowed or denied:

Full control

Allows the user or members of the role to perform any action with this page.

Read

Allows the user or members of the role to view this page.

Create

Allows the user or members of the role to create new pages under this page.

Modify

Allows the user or members of the role to edit this page.

Delete

Allows the user or members of the role to delete this page.

Destroy

Allows the user or members of the role to destroy this page, i.e., delete without the Undo option.

Browse tree

Allows the user or members of the role to see pages found under this page in the content tree.

Modify permissions

Allows the user or members of the role to manage page-level permissions of this page on the Properties -> Security tab.

Permission inheritance

You will typically need to set up permissions for site sections rather than for particular pages. In this case, you can grant permissions for the section’s parent page and inherit them by all child pages.

Example

Consider the following website structure:

  • Root
    • Home
    • News
    • Products
      • Category 1
      • Category 2

You may want to grant the following permissions to the users:

JohnS

Marketing manager

John can manage all content.

Grant the Full control permission on the root to the user or grant permissions for the CMS Content module to some of the user’s roles.

MarkJ

Product manager

Mark can manage only the pages in the /Products section.

Grant the Browse tree permission on the root to the user so that they can browse the Products section.

Grant the Read, Modify, Create, Delete, Destroy and Browse tree permissions on the /Products page to the user. These permissions are inherited by all child pages under the /Products section.

Note: if you click the /Products/Category 1 page, the Browse tree permission is grayed and disabled. It means that this permission is inherited and cannot be removed - you can only deny the permission (unless you break inheritance - see below).

AliceM

Copy writer

Alice can modify the copy of all pages, but Mark prefers to manage the copy of the /Products section by himself only.

Grant the Read, Modify, Create, Delete and Browse tree permissions for the root to the user.

Go to the /Products page and deny the Modify, Create, Delete permissions to the user so that Alice cannot modify the copy in the /Products section.

It is recommended that you configure local permissions for roles and then only assign users to the appropriate roles. In this example, you would first create roles “Marketing manager”, “Product manager” and “Copy writer” and then configure their permissions.

Copying permissions along with pages

If you copy, move or link a page, its permissions can be transferred along with it. You only need to enable the Copy/Preserve page permissions option in the Copy/move/link page dialog.

This applies only to permissions configured for the particular page - parent or inherited permissions are not transferred. If you leave the option disabled, the copy will inherit permissions from its parent in the target location.

Changing permission inheritance

In case you need to break permission inheritance and configure different permissions for some site section, click Change permission inheritance… link on the Security tab.

If permissions are inherited by the current page, the following two options will be offered:

  • Break inheritance and copy parent permissions - breaks inheritance and adds parent permissions to the page, while original permissions configured for the page are preserved.
  • Break inheritance and remove parent permissions - breaks inheritance and removes all permissions inherited from the parent, while additional permissions configured for the page are preserved.

If you decide to inherit the permissions from the parent again, click the Change permission inheritance… link again. This time, the following two options will be offered:

  • Restore inheritance to parent page permissions (current page only) - makes the current page inherit permissions of the parent page.
  • Recursively restore inheritance to parent page permissions (current and all child pages) - makes the current page and all its child pages inherit permissions of the parent page, while only pages which do not inherit parent permissions are affected by this action.