Permissions propagation provides the ability to map a set of object permissions to the object's children. This can be accomplished in two different and complementary ways: dynamic permissions inheritance, and static permissions propagation.
Dynamic permissions inheritance is enabled by checking the "Inherit Permissions from Parent" checkbox in the Edit Permissions form. If this box is checked, then an object will inherit permissions from its parent object. The resultant permissions for the object are the least restrictive set of permissions formed from the conjunction of the object's permissions and its parents' permissions.
If the parent object also has "Inherit Permissions" checked, then the parent's effective set of permissions will be the result of its inheritance. Do not check "Inherit Permissions" for an object unless you are cognizant of the parent permissions and are sure that you want to inherit them. For example, if the parent object allows a given individual to edit permissions on that object, then the child object will inherit this configuration, and the given individual will be able to edit permissions on the child object as well.
Static permissions propagation allows adding, removing and replacing permissions in all gizmos contained in one branch of the content tree; that is, the recursive permissions setting functions will visit every gizmo in the branch and change its permissions according to what you request. This functionality differs from that described above in that the changes in permissions settings are not calculated on the fly, but instead actually change the information associated with the descendant objects.
There are two modes of operation for static recursive permissions setting. "Add Permissions Recursively" allows for recursively adding permissions to the access control lists of gizmos. "Remove Permissions Recursively" will do the opposite and remove entries from the access control lists.
CAUTIONARY NOTE: Recursive permissions propagation is a very powerful technique and should be used with care. With one command you can change the whole permissions structure of your system.
For example, if the user has permissions to change permissions on a top-node site object, they can then change permissions on all of its sub-objects as well.
As an example, consider a situation in which Edit access should be added for a particular group in all gizmos under a branch. To achieve this, start by going to the page at which the branch starts, enable Editing and click its "key" icon to enter its permissions page. You'll see a link to the Advanced options on the top right:
Select the Advanced link. You'll see a menu for the different Recursive Permissions options.
Select "Add Permissions Recursively". This will take you to the following page:
In order to add permissions you should select a group and click add. In this case we will select the group called Marketing. After that you must check the permissions you want to grant this group in all gizmos below this page. We check Edit and we also check View. The latter we check because it doesn't make sense to grant Edit permission without granting View (as you won't be able to Edit what you cannot see). The complete form should look as follows just prior to saving it:
Click on "Save Changes" and you'll get a confirmation page in which you'll see the number of gizmos that will be affected by the recursive permissions operation. In this case it means that the Marketing group will be granted View and Edit permissions in all gizmos below the "Products" page:
Click on "Save Changes" and the operation will be performed. That's it! We have just granted Edit and View permissions to the Marketing group for a whole branch of content, all in a single operation.
Using the Remove Permissions operations is equally simple. Imagine you no longer want the Marketing group to have Edit permission in the "Products" branch. To achieve this you can simply run a Remove Recursively operation on the "Products" branch, selecting Marketing and Edit as the permissions to remove from that branch.
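The following Python model is an added example, not Metadot's own code. It shows how the two mechanisms interact: a recursive removal rewrites stored access control lists, but a gizmo that still inherits from a parent above the branch keeps the permission in its effective set. The `Gizmo` class and all function names are hypothetical, "least restrictive" is read as a set union, and the branch's starting page is assumed to be included in recursive operations.

```python
class Gizmo:
    """Constructed model of a content-tree node; not Metadot's own data structure."""
    def __init__(self, name, parent=None, inherit=False):
        self.name, self.parent = name, parent
        self.inherit = inherit      # the "Inherit Permissions from Parent" checkbox
        self.acl = {}               # stored ACL: group -> set of permissions
        self.children = []
        if parent is not None:
            parent.children.append(self)

def effective(gizmo, group):
    """Dynamic inheritance: computed on each read, nothing is written to the ACL."""
    perms = set(gizmo.acl.get(group, ()))
    if gizmo.inherit and gizmo.parent is not None:
        perms |= effective(gizmo.parent, group)   # least restrictive: union
    return perms

def branch(root):
    """Yield every gizmo in the branch (assumption: the starting page is included)."""
    yield root
    for child in root.children:
        yield from branch(child)

def add_recursively(root, group, perms, dry_run=False):
    """Static propagation: rewrite stored ACLs. Returns the number of gizmos visited."""
    targets = list(branch(root))
    if not dry_run:                 # dry_run mirrors the confirmation page count
        for g in targets:
            g.acl.setdefault(group, set()).update(perms)
    return len(targets)

def remove_recursively(root, group, perms):
    """Static removal: delete the entries from every stored ACL in the branch."""
    targets = list(branch(root))
    for g in targets:
        g.acl.setdefault(group, set()).difference_update(perms)
    return len(targets)

def scenario():
    """Constructed tree: Site > Products > Widgets > Specs."""
    site = Gizmo("Site")
    products = Gizmo("Products", site, inherit=True)
    widgets = Gizmo("Widgets", products)
    Gizmo("Specs", widgets, inherit=True)
    site.acl["Marketing"] = {"Edit"}            # grant stored above the branch
    preview = add_recursively(products, "Marketing", {"View", "Edit"}, dry_run=True)
    add_recursively(products, "Marketing", {"View", "Edit"})
    remove_recursively(products, "Marketing", {"Edit"})
    return (preview, widgets.acl["Marketing"],
            effective(widgets, "Marketing"), effective(products, "Marketing"))

if __name__ == "__main__":
    print(scenario())
```

In this model, "Products" still yields Edit for Marketing after the recursive removal because it inherits from "Site", so checking the inheritance flags along the path to the root is part of verifying that a removal had the intended effect.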
© Copyright Metadot Corporation 2003. All rights reserved.