Permissions are used to control and regulate access to specific Kadanza components and functions. They are assigned to user groups by admins, meaning that permissions apply to the members of that user group.
Permissions in the Kadanza Core are pretty straightforward. You can define whether a user in a given user group is allowed to access pages and components on those pages.
By adding one or more user groups to a page or component, all users from those groups will have access to the content. By default, a page always has the user group All users (every user is a member of this group) assigned to it so everyone can see the content when no other permissions are present.
Once access rights have been established on a page, all subpages will inherit the same access rights. When additional access rights are required, these can be easily added to the page.
Besides Kadanza Core and its components, other extensions, such as Assets and Layouts, also come with their own permission settings. Keep in mind that since these extensions are placed on a page, the user permissions assigned to such pages will affect the visibility of the extension. By aligning the permission settings for the visibility of pages, content elements, and extensions, you can create a single and smart permission scheme.
The Kadanza Assets extension can be configured on pages in the Kadanza Core. Meaning that we can add permissions on both the page and the extension itself. Within the Assets extension, we can also add permissions to categories. For example, you’re only allowed to see approved assets or download a specific file type.
Subcategories will inherit the permissions from their parent category unless different permissions are set on a subcategory. You can also decide to have different permissions for each category.
Permissions in the Kadanza Layouts are also based on user groups. By combining user groups, permission schemes can be created for:
- Document visibility
- Transferring documents between editors
- Download or export options
- Document approval workflows
- Print partner connections
Permissions are configured on user group categories. To explain the permission inheritance, we use the following example:
- Add asset
- View asset (can be specified per file type)
- Edit asset
- Delete asset
- Download original asset (makes it possible to allow and block specific user groups to download the original asset
Step 1: No permissions configured
When no permissions are set, nobody has access to the category, so be sure to always select at least one user group.
Step 2: Base configuration
The category Campaigns has the following permissions:
- Add asset: Admin
- View asset: Admin, Design, Marketing
- Edit asset: Admin
- Delete asset: Admin
- Download original the asset: Admin, Design, Marketing
This means that a user in the Admin user group can perform all actions on a category. The Design and Marketing user group will be limited to viewing and downloading the assets in this category.
When a child category has no specific permissions configured, permissions will be inherited from the parent category. So, for example, the Campaigns/Summer2021/PDF category will have the same permissions as the Campaigns category.
Step 3: Overwriting base configuration
Currently, only users from the Admin user group can add assets to the categories under Campaigns. For Summer2021, you want to grant the Design user group access to the PSD category. The following configuration is added to Campaigns/Summer2021/PSD:
- Add asset: Admin, Design
- View asset: Admin
- Edit asset: Admin, Design
- Delete asset: Admin, Design
- Download original the asset: Admin
This means that the Admin user group still has full control and the Design user group can now add, edit, and delete assets. The Marketing user group will have no access to this category.
Step 4: Inheritance
When no permissions are added to a specific category, the system will use the parent permissions by default. At the moment, 2 categories are configured with user permissions. The following assumptions are being made:
- Campaigns will not inherit
- Campaigns/Summer2021 will inherit from Campaigns
- Campaigns/Summer2021/PDF will inherit from Campaigns
- Campaigns/Summer2021/PSD will not inherit, as its specific permissions have been configured.