Managing CMS Asset Security


The CMS provides an interface for managing static content contained in the asset folders and their subfolders.

To access the Assets Manager, click Assets on the CMS client's main toolbar.

Note: To view available asset types, see List of Asset File Types for details.

Security levels

On the Manage Assets dialog, administrators can work in the assets tree to set security on individual asset folders. The following security levels are available:

  • Read Only: At this level, users can see the directory and its contents, and they can link to files within the directory. However, the New Folder, Upload, and Delete buttons will be grayed out. A user with read-only access cannot create new folders within the selected directory, upload to the selected directory, or delete the selected directory.

  • Upload: Users at this level can see the directory and its contents, link to files within the directory, and upload files to the directory. However, the New Folder and Delete buttons will be grayed out, preventing the user from creating new folders within the selected directory or deleting the selected directory.

    When a user at this level uploads a file that has the same name as an existing file in the directory, the name of the newly uploaded file will be modified slightly to prevent the existing file from being overwritten.

  • Full Access: At this level, users have full access to the selected directory. They can create new folders, upload files, and delete folders, provided that these options are enabled. When a user with full access uploads a file that has the same name as an existing file in the directory, the user is prompted to choose between overwriting the existing file and uploading the file with a modified name to prevent the original file from being overwritten.

  • No Access: Users without access can't see the directory. This access level is not set in the drop-down menu and is only assigned to users under a specific set of conditions:

    • The user is not a member of the Administrators group.
    • The user is not a member of any groups associated with the selected folder.
    • The Everyone group is not associated with the folder.

Setting security on an asset folder

To set security on an asset folder, click Assets on the main CMS toolbar. Then, on the Assets Tree, right-click a folder and select Security.

On the Folder Security dialog, you can configure which groups have access to a particular assets folder. To add groups to, or remove groups from, a folder, first uncheck the Inherit security settings... checkbox. 

Click Add, then select a group (or multiple groups) from the Select Access Groups dialog. Click OK.

For each group you added, select a security level. Click Apply to save your changes. 

Permissions on CMS assets

Administrators can give user groups the ability to manage this content by assigning them the following permissions:

  • Allowed to manage asset security: Provides the ability to define security on a group level for the five static directories.
  • Allowed to delete assets: Provides the ability to delete a subdirectory or its contents.
  • Allowed to manage asset folders: Provides the ability to create and delete new folders within the static directories and their subdirectories. A given user’s permissions aggregate the most permissive settings assigned to the groups to which the user belongs.