This article covers how Resources permissions work in Finalsite Composer, including the Global and Folder level controls and how Gallery and Post/Messages folder access can be granted separately.
đź’ˇQuick answers
- What levels can Resources permissions be granted at? Resources permissions can be set at the Global level, Folder level, Gallery level, and Post or Messages folder level, giving very specific control over what each admin group can access.
- What does View, Upload and Edit access allow in Resources? Admins can view resources, upload new ones, add resources to galleries, create new folders and galleries, and edit public and private resources, but they cannot remove or change settings on folders or galleries themselves.
- Where do you set permissions for a specific Resources folder? Navigate to the folder in the Resources tab, open the three dot menu, select Settings, and go to the Permissions tab to grant access to a group or individual constituent.
- Can permission be given to just one constituent instead of a whole group? Yes; use the Enter Constituent field in a folder or gallery's Permissions tab to search for and select an individual, then set their level of access.
- Why can't Messages folder permissions be restricted to specific admins? Messages folders in Resources use all or nothing access; anyone with access to the Messages module automatically has full access to all Messages folders, since these folders exist only for organizing files, not for granular security.
- How do you restrict access to sensitive files instead of using a Messages folder? Store the files in a standard Public or Private Resource folder instead of a Messages folder, then apply granular permissions directly to that standard folder.
In this article, we’ll describe the process for granting permissions within the Resources module.
Resources permissions offer very specific control over what any of your admin users are allowed to access in the module. This is done on several levels: Global Level, Folder Level, Gallery Level, as well as Post/Messages Folder Level. For example scenarios, check out our article, "Resources permissions examples."
Set Global Level permissions
Rights to the entire Resources module can be granted through the Permissions tab to any admin user group that has access to Composer.
Much like in Composer permissions, the tab shows a list of the admin user groups. Dropdown menus let you choose the level of rights to grant to members of a given admin group: Admin;Â View, Upload & Edit; or Not Allowed.
- Not Allowed: Admin users in this group will not have access to anything in Resources by default. Rights may be granted to specific folders or galleries individually.
- View, Upload & Edit: Admins will be able to view resources. Upload new resources, add resources to galleries, and add new resource folders and galleries. They can edit public and private resources, as well as have limited access to the Resources and Galleries tabs of the module.
This level does not include the right to remove or edit settings on any folders or galleries.Â
- Admin: Admins will have full rights to the entire Resources module, including the ability to assign admin permissions to other admin groups.
Set Folder Level permissions
Resources are organized into folders, and admins can assign rights to a particular folder to a constituent or group of constituents (or an admin who doesn't otherwise have rights to Resources). This means users can access certain areas of Resources without viewing the entire module.
To edit a Folder's permissions, navigate to the folder in the Resources tab, go to the three-dot menu for that board, select Settings, and go to the Permissions tab.
Grant permission to a group of constituents
Click Select Group to choose the group of constituents or admin users who will be granted access to this folder and its contents.
- The picker will open up and allow you to choose a group of constituents (who may or may not be admin users).
- To select an admin user group, expand out the Site Administrators group to select from your admin user groups.
Grant permission to an individual constituentÂ
You also have the option to grant permission to one or a few individual constituents at a time.
- Click into the Enter Constituent field to start typing the name of a constituent who you'd like to have access to this board and its posts.
- Select the constituent. Once selected, the name of this individual will populate below for you to next set the level of access.
Select the level of access
Once you have selected your group and/or individuals, determine the level of access they'll be granted from the dropdown menu.
Folder rights can be assigned at various levels:
- Remove Access: This will take away all access for the selected group or constituent.
- View: The user can view the resources in that folder. Users can also add resources from that folder to galleries they have permissions for (described below).
- View, Edit, Delete all folder contents: Users have access to manipulate all the resources in the folder, but not the folder itself. Users can upload new resources, edit resource properties, move resources to another folder they have access to, delete resources, or replace resources.
- View, Edit, Delete this folder: Users can edit the settings of the folder and delete the folder.
- Admin: Gives ability to assign permission levels to other groups or constituents.
Set Gallery Level permissions
Gallery permissions are very similar to folder permissions. Whereas folders are used to organize resources on the back end of the site, galleries determine how to display them on the front end.
Gallery rights do not confer the ability to edit the resources themselves, only to add or remove resources from that gallery.
Gallery permissions are granted exactly the same was as Folder permissions (see above): navigate to the gallery, click on its action menu, and select Settings. Then click the Permissions tab and use the text field to grant permission to individuals, or the Select Group button to grant permissions to all members of a group.
Set Post/Messages Folder Level permissions
In addition to the regular resources folders, Resources includes two more sets of folders for you:
- Post board folders: A folder is created for the resources used in each board in Posts.
- Messages folders: Folders that are created for resources used in the Messages module. For more information on how this works, read the section, "Managing Messages images in the Resources module" in the article, "Use images in Messages templates."
Post board folders
Permissions for these folders are inherited based on a user's Posts permissions. Anyone who has rights to a board in Posts will automatically have access to that board's corresponding folder in Resources, regardless of whether or not they have any other Resources rights. To control rights to these folders, adjust the permission settings in Posts. For more information, refer to our article Posts permissions.Â
Messages folders
Scroll down a bit further to see the folders that you can create for resources used in the Messages module. These folders exist so that you can organize and store files to be available to anyone creating messages. When images are added within a message, the user will be able to access this folder without having access to Resources.Â
⚠️ Important Note on Messages folder Permissions
Unlike standard Resource folders, Messages-specific folders have unique permission rules:
"All-or-Nothing" access: Permissions cannot be restricted at the folder level. Anyone with access to the Messages module has full access to all Messages folders in Resources.
Organizational use only: These folders appear in the Resources GUI solely to help you manage and organize files; they do not support granular security settings.
Inherited rights: A user does not need specific Resources rights to see these; their Messages admin rights automatically grant them access.
What if I need to restrict access?
If you need to lock down specific files so only certain users can see them:
Do not store them in a Messages folder.
Store them in a standard Public or Private Resource folder.
Apply granular permissions directly to those standard folders.
Comments
Please Sign in to leave a comment if you don't see the comment box below.