Last Updated: Nov 9, 2021
documentation for the dotCMS Content Management System

The dotCMS permission system enables you to control user access to all dotCMS content and backend functionality through the use of both individual user permissions and Roles assigned to each user.

It is highly recommended that all administrators familiarize themselves with each of the documents in this section before attempting sitewide Permissions setup for users or objects.

Access to Content

Each user may only access content or objects in a particular way if they have been assigned a user Role that provides the appropriate type of access to that content, or individually granted access to that object. Since permissions provide for many different types of access (e.g. View, Add, Edit, Publish, etc.), you can provide detailed access control to all types of content including simple Content, Content Types, folders and files, Pages, Categories, and more.

Permission Inheritance

To simplify the use of permissions, dotCMS allows you to implement permission inheritance. Child objects may be configured to automatically inherit the permissions of their parent objects, so any new content created in a particular folder automatically receives appropriate permissions.

Using permission inheritance, you can configure your site to automatically assign appropriate permissions to new content. By avoiding the need to permission each object individually, you can allow your content contributors to create content without being concerned about (or aware of) permissions.

Access to Back-end Tools

Role permissions also define which Tools a user will be able to see when logging into the back-end. As a result, users with different Roles will have a customized backend user experience and see only the tools and dotCMS objects they need to work with and are authorized for. Back-end permissions are completely customizable and access to back-end Tools and objects can be changed at any time.

The following examples show typical back-end views for users with different permissions based on the user's assigned Roles:

Typical CMS Administrator view of the dotCMS backend

CMS Admin Tabs

Typical Content Contributor view of the dotCMS backend

Limited User Tabs

Access to the REST API

There are additional configuration settings and options to control and provide access to the REST API, including both options to limit which users can view and change content via the API, and the use of API Tokens to provide external applications a consistent method of accessing the API.

For more information, please see the REST API Authentication documentation.

On this page


We Dig Feedback

Selected excerpt: