Object Permissions
Every dotCMS object has its own permissions, which may be either inherited from a parent object or set individually. This reference covers how to view and configure permissions for each permissionable object type. For background on the inheritance model, see Permission Inheritance. For instructions on assigning roles and users to permissions matrices, see Assigning Permissions.
Viewing and Editing Permissions on an Object#
To view the permissions on any object:
- Open the object for editing.
- Select the Permissions tab.
If the object is inheriting permissions from a parent, the Permissions tab indicates which object the permissions are inherited from. If multiple levels of objects are all inheriting, the tab shows which object permissions are ultimately inherited from — tracing all the way up to the System Host if no object in the chain has been individually permissioned.
To break inheritance and set permissions directly on the object, click Permission Individually. All child objects will then inherit from this object rather than its former parent.
To restore inheritance after permissioning individually, click Reset Permissions (available on most object types).
Content#
To view or edit permissions on a content item:
- Go to the Content tab.
- Right-click the content item and select Edit.
- Select the Permissions tab.
Content inherits permissions from one of two sources, depending on the Content Type it belongs to:
- If the Content Type has a Site or Folder field, the content item inherits permissions from the Site or Folder specified in that field.
- If the Content Type does not have a Site or Folder field, the content item inherits permissions from the Content Type itself.
Click Permission Individually to set permissions directly on the content item.
Content Types#
To view or edit permissions on a Content Type:
- Select Content Model → Content Types.
- Click the title of the Content Type.
- Select the Permissions tab.
By default, a Content Type inherits permissions from the Site or folder where it is located. Content Types located on the System Host inherit from the System Host.
Click Permission Individually to set permissions directly on the Content Type.
Permissions Required to Create New Content Types#
To create a new Content Type within a Site or folder, a user must have both of the following on that Site or folder:
- Add Children rights for the Site or folder.
- Edit Permissions rights for Content Types within the Site or folder.
Containers#
To view or edit permissions on a Container:
- Select Site → Containers.
- Click the title of the Container to open it.
- Select the Permissions tab.
Click Permission Individually to set permissions directly on the Container.
Note: File-based Containers are governed by Content/Files rights on the folder where the container files are located, not by Container permissions.
Files#
File Assets are a type of content and are governed by Content/Files rights. To view or edit permissions on a File Asset:
- Open the file from either the Site Browser or Content Search screen.
- Select the Permissions tab.
Files inherit permissions from their parent folder (or from their Site, if no folder in the chain has been individually permissioned). Click Permission Individually to set permissions directly on the file.
Folders#
To view or edit permissions on a folder:
- Go to the Site Browser tab.
- Right-click the folder and select Edit Folder.
- Select the Permissions tab.
Click Permission Individually to set permissions directly on the folder. Individual folder permissions also define the inheritance starting point for all child objects within that folder.
Permissions Required for Folder Operations#
| Operation | Required Permissions |
|---|---|
| Create or rename a folder | Add Children on the parent folder or Site, plus Edit rights for Folders |
| Delete a folder | Edit and Edit Permissions on the folder |
Pages#
To view or edit permissions on a Page:
- Go to the Site Browser tab.
- Right-click the Page and select Page Properties.
- Select the Permissions tab.
Pages inherit permissions from their parent folder (or from their Site, if no folder in the chain has been individually permissioned). Click Permission Individually to set permissions directly on the Page.
Templates#
To view or edit permissions on a Template:
- Select Site → Templates from the navigation sidebar.
- Right-click the Template title and select Edit.
- Select the Permissions tab.
Note: There are two separate Template-related permission types:
- Templates — govern access to Advanced Templates as objects.
- Template-Layouts — govern what users can edit in the Page Editor's layout and content areas when using Standard (Template Designer) Templates.
Both types are typically managed at the Site or System Host level via Role Permissions, but can also be set on individual Templates.
Resetting Template Permissions#
If a Template has been individually permissioned and you wish to restore inheritance, click Reset Permissions.
Note: If neither Permission Individually nor Reset Permissions is displayed, the Template is inheriting permissions but no Template permissions have been set at the Site level yet. To set permissions directly on the Template in this case, assign roles and users from the Permissions tab — the assignment itself breaks inheritance automatically.