Support Home
Documentation
Developers

Articles in this section

Limiting Folder Access to Specific Users

Avatar
Michael Uzquiano
  • Updated

When you create a Project in Cloud CMS, the Project is automatically configured with a Project Users team that grants the Consumer role to any project members.  As a result, any members of the Project will have the ability to see all content within the Project.

For many, this works just fine.  However, there may be cases where you want to limit certain Folders to only be accessible by specific Users.

Let's walk through some steps on how to do this.

 

Change the Project Users team security policy

First, lets change the security policy of the Project Users team so that it doesn't automatically make all content within the project readable.  Log in as a user who has Manager rights over the Project and then do the following:

  1. Click on Manage Project.
  2. Click on Teams.
  3. Click on the "Project Users" team.
  4. Click on Policies.
  5. Click on Add New Item
  6. For the new item, set:
    • Action = Revoke
    • Roles = Consumer
    • Types = Node
  7. Save your Changes
  8. Click Done.

This will make it so that the Project Users team will grant Consumer for everything except Nodes.  In other words, members of your Project will no longer be able to see all content.  You should be able to verify this (if you want) by logging in as a Project member.  They won't be able to see any content.

 

Assign Consumer rights to the repository Root Node

Next, click on Folders on the left-hand menu.  This will take you to the Root Node of the repository.    Then:

  1. Click on the "View Properties..." button.
  2. Click on the Authorities menu option.
  3. Click on Grant Authority.
  4. Use the dialog to specify that the "Project Users" team should be given the Consumer role.
  5. Click on "Grant".

For Step 4, make sure to click on "Show Teams" when picking users or teams.  You can then pick the Project Users team.

With this change in place, you should now be able to log in as a Project member and see content once again.  This is because the Consumer role is being granted to the top level Root folder.  This Consumer authority is then propagated to all child folders by default.

 

Adjust the Child Folder so that it is only visible to a specific User

Next, navigate into a child Folder.  And then:

  1. Click on then "View Properties..." button.
  2. Click on Actions on the document menu.
  3. Under Actions, click on "Disable Inherited Authorities".

This will disconnect the child Folder from the parent or root Folder in terms of propagated authorities.  The parent folder (the root) has full Consumer rights bestowed upon it (by virtue of the previous step).  But by disabling inherited authorities, the child Folder will not receive those rights bestowed over the parent.  In effect, the child Folder's authorities are self-contained or disconnected -- they do not inherit from the parent Folder.

Finally, do the following:

  1. Click on the Authorities menu option.
  2. Click on Grant Authority.
  3. Use the dialog to specify the specific User that should be given the Consumer role.
  4. Click on "Grant".

This will make it so that the child Folder (and its contents) are visible to the specific user (but not to anyone else).

Related articles