Configuring document permissions

Permissions for access to Kentico documents can be configured at three levels of a three-level permissions hierarchy. Click the links in the Document permission level column to learn more about each of them.

Document permission level	Granted to	Applied to	Configurable in
Permissions for all content	roles	all documents	Permissions application
Permissions for document types	roles	all documents of one particular document type	Permissions application
Document-level permissions (ACLs)	roles or individual users	one particular document	Pages application -> Properties -> Security

Permissions from these three levels are merged together when checking if a user is permitted to perform an action with a document. For example, to read a CMS.News document, a user must have the Read permission on at least one of the three levels: either on the document-level, or for the CMS.News document type, or for all content.

There is also one special setting that allows hiding of documents in the content tree depending on document permissions granted to the current user. See the Hiding documents in the content tree based on permissions for more information on this possibility.