Rights on Assets
Rights on Assets controls who can see and act on each folder and asset in the Assets module. Access is set per folder or asset, and rights you do not set are inherited automatically from the parent folder, so you can manage a whole tree from a few well-chosen points.
This section explains how the feature works and how to configure it.
How access is decided
There are two scopes of rights:
-
User-level rights decide whether someone can use the Assets module at all, and a few module-wide abilities such as watching folders or exporting metadata. These are configured in User Management, on user roles.
-
Folder- and asset-level rights decide what someone can do on a specific folder or asset: view it, upload to it, download it, move it, and so on. These are configured via Set Rights on the item itself.
Folder- and asset-level rights use three states (Allow, Deny, Not Set) and resolve through inheritance. User-level rights are a simple on or off.
In this section
-
Set Rights on folders and assets: how to open Set Rights and configure access for users and groups.
-
Calculate effective rights: check exactly what a user or group can do on a folder or asset, and why.
-
How rights are inherited: the Allow / Deny / Not Set model, the resolution rules, Traverse, moves, and cascading actions.
-
Asset rights reference: the full list of folder- and asset-level rights and what each one grants.
-
Asset Roles: named presets of asset-level rights, defined in User Management and applied via Set Rights.
-
Logs of rights changes: where rights changes are recorded.
Related pages
-
Super user access bypasses all folder- and asset-level rights. See Super users