Folder Level Permissions

Overview

With the 5.38.0 release, we’ve expanded Webiny’s Advanced Access Control Layer (AACL), by introducing a brand-new feature called Folder Level Permissions.

Folder Level Permissions

(click to enlarge)

With this feature, users can define access permissions on a folder level. More specifically, users that are designated as folder owners can now define which users (and also teams with the Teams feature enabled) can access which folders, and what actions they can perform on those folders:

• Viewer - users can view content, but not modify it
• Editor - users can view and modify content
• Owner - users can edit and manage content permissions

Folder Level Permissions can be used across the three main Webiny applications: Headless CMS (content entries), File Manager (files), and Page Builder (pages).

Enabling Folder Level Permissions and Feature Overview

For Webiny Enterprise users, apart from linking their Webiny project with Webiny Control Panel (WCP), there are no additional steps required to enable Folder Level Permissions.

Once linked, Folder Level Permissions will be automatically enabled and full access users can start using it all three applications: Headless CMS, File Manager, and Page Builder.

For example, if we were to open the Page Builder app, right-clicking on a folder in the tree on the left will open a context menu, now with the Manage Permissions option included:

Manage Permissions Option

(click to enlarge)

Clicking on the Manage Permissions option will open a dialog where we can assign users and teams to the folder, and also define their permissions:

Manage Permissions Dialog

(click to enlarge)

Once permissions are assigned, the icon of the folder changes, indicating that the folder has permissions assigned:

Folder Level Permissions Assigned

(click to enlarge)

FAQ

When I Enable Folder Level Permissions, Will All My Existing Users Be Able to Use It?

No. Only users that have the Full Access security role assigned can use the Folder Level Permissions feature.

In Terms of Access for Other Users, Will Anything Change Once I Enable Folder Level Permissions?

No. The only thing that will change is that users that have the Full Access security role assigned will be able to use the Folder Level Permissions feature.

But in terms of what users can access, nothing will change. For example, if a user has access to a specific folder, they will still have access to it after enabling Folder Level Permissions. Only by using the Folder Level Permissions feature and setting permissions on a folder level, can you change what users can access.

Can I Use Folder Level Permissions With the Teams Feature?

Yes. You can assign teams to folders, and then define their permissions.

Can I Assign Permissions to the Root Folder?

No. The root folder is always accessible to all users.

A workaround for this is to create a new folder, and then move all the content from the root folder to the new folder. Then, you can assign permissions to the new folder.

How Does Folder Level Permissions Feature Work With Existing Security Layer?

Folder Level Permissions feature is an extension of the existing security layer. It does not replace it.

This means that existing security roles and security teams are still the first thing that is checked when a user tries to access a resource. For example, if user’s security role doesn’t grant access to Page Builder, then the user will not be able to access Page Builder, even if they have permissions assigned to a folder in Page Builder.

Can I Use Folder Level Permissions With API Tokens?

At the moment, the answer is no. API tokens are not subject to folder level permissions. They will always have access to all folders.