Folder permissions
Overview
Folder security is based on four system-provided folder permissions:
No Access
Read-only
Read/write
Full control
Each of these is discussed in detail below.
You can initiate folder permissions management from a folder within the File System Dialog, using the Permissions… command. When you do so, the Folder Permissions modal dialog is displayed.
You may only view the Folder Permissions dialog if you have Read or Read/write access within a folder. You can make changes there if you have Full control access to a folder.
The Folder Permissions dialog contains the following elements:
Header
Contains the following read-only folder information:
Folder name
Folder path
User groups
User groups lists user groups to which explicit permissions have been assigned.
Toolbar
The Toolbar provides access to the following functionality:
Propagate All Permissions: at invocation, a message is displayed advising that this action cannot be undone. This command causes the current user group's permissions to be copied to all descendent folders to which you have Full Control access. Successful completion of propagation is advised via a message. Propagate is only available when no unsaved changes are shown within the Folder Permissions dialog.
User groups list
The user groups list displays the following read-only properties for each listed user group:
Name
Description
Active flag
Actions button: providing access to:
Remove: protected by ‘Are You Sure?’.
An Add Group button is provided at the bottom of the list. Clicking it displays the Choose User Groups dialog, in which you can select the groups to be included in the User Groups list using the checkboxes provided.
Note that organization node user groups are included in the list. This means that you can restrict access to folders within the file system based on users’ organizational node membership; for example, a user associated with the ‘Banking’ node might be precluded from viewing the contents of a folder associated with the ‘Insurance’ node.
‘[Group]’ folder permissions
The list displays the four standard folder access permissions and a description of each. A radio button against each indicates whether the permission has been assigned to the user group selected in the user groups list.
As mentioned above, there are four system-provided folder permissions:
No access: a user group with this permission does not have access to a folder or its contents. The folder cannot be viewed in the File System Dialog. Having the No access permission is equivalent to having no permissions at all.
Read only: a user who belongs to a user group with this permission can view the files within a folder. The user cannot delete files within the folder, nor can he or she rename files within the folder. The user cannot make changes to files saved within the folder using a designer. Similarly, he or she cannot save new files to the folder using a designer. The user cannot rename the folder; nor can he or she delete the folder. Finally, the user cannot manage permissions for the folder.
Read/write: a user who belongs to a user group with this permission can view the files within a folder. The user can delete files within the folder and can rename files within the folder. The user can make changes to files saved within the folder using a designer; similarly, he or she can save new files to the folder using a designer. The user, however, cannot rename the folder; nor can he or she delete the folder. Finally, the user cannot manage permissions for the folder.
Full control: a user who belongs to a user group with this permission can view the files within a folder. The user can delete files within the folder and can rename files within the folder. The user can make changes to files saved within the folder using a designer; similarly, he or she can save new files to the folder using a designer. The user can rename the folder and can delete the folder. Finally, the user can manage permissions for the folder.
Propagate Selected Group Permissions: invocation of this option allows you to propagate the selected group's permissions to all child folders to which you have full control access. Invocation propagates any relaxed permissions in respect of the selected user group only.
Note that, by default, a user group has No access to a folder. Note also that the system-provided System Administrators group always has Full control permission.
If all permissions are unchecked for a user group, changes are applied and the Folder Permissions dialog closed, when the dialog is re-opened, No access permission is assigned to the group.
If you choose to loosen permissions at a folder within a hierarchy (e.g. changing Read only to Full Control), corresponding permissions are also loosened at its folders further up the hierarchy.
The following are displayed at the bottom of the Folder Permissions dialog:
Changes have been made: this message is shown when changes have been made in the Folder Permissions dialog.
Close/Cancel: the text ‘Close’ is displayed until changes are made, in which case it is replaced with ‘Cancel’. Upon invocation, if unsaved changes exist, an ‘Are You Sure?’ dialog is displayed. You may save your changes and close, lose your changes and close or cancel closing the Folder Permissions dialog. If you elect to close the dialog, it is removed from display.
Save: this button saves changes made in the Folder Permissions dialog. Doing so enables the Propagate toolbar button. The dialog remains on display after invocation. The button is only enabled if you have Full control within the current folder.
Save & Close: this button saves changes made in the Folder Permissions dialog and removes the dialog from display. It is only enabled if you have Full control within the current folder.
Note that, following creation of a new folder, it inherits its parent folder's permissions.