Permissions determine the access that each user has to each item in the repository. Permissions are governed by permission sets. Each item in the repository is assigned a permission set by the item’s owner.
The permission set lists specific users and groups and assigns them specific access levels. An access level determines which operations (such as read, edit, or delete) the user or group can perform on the item. Each entry in a permission set is called an access control entry.
There are seven possible access levels. Each higher access level includes the capabilities of the preceding access levels. The access levels are listed in Access levels.
In addition to the seven levels of basic access, there are six levels of extended permissions. For more information on extended permissions, refer to Extended permissions.
Each user is assigned a default permission set. When a user creates an item, the repository assigns the user’s default permission set to the item. For example, if your default permission set gives all members of your department Write access and all other users Read access, then those are the access levels assigned to the item.
You can change an item’s access levels by changing the item’s permission set. To do so you must be the item’s owner (typically the owner is the user who created the item) or you must have Superuser privileges in the item’s repository.
When you modify a permission set, the permission set is saved as a permission set assigned to you. You can then apply the permission set to other items in the repository.
Your ability to edit permission sets depends on your user privileges in the repository:
If you have Superuser privileges, you can modify any permission set in the repository. You can designate any user as the owner of a permission set, and you can change the owner of a permission set. This permission is usually assigned to the repository administrator.
If you have SysAdmin privileges, you can modify any permission set owned by you or by the repository owner. You can designate yourself or the repository owner as the owner of a permission set that you create and you can change whether you or the repository owner owns the permission set. This permission is usually assigned to the repository administrator.
If you have any privileges less than the above, you are the owner only of the permission sets that you create. You can modify any permission set you own, but you cannot change the owner of the permission set.
If you designate the repository owner as the owner of a permission set, that permission set is a System (or Public) permission set. Only a Superuser, System Administrator, or the repository owner can edit the permission set. If a different user is the owner of the permission set, it is a Regular (or Private) permission set. It can be edited by the owner, a Superuser, System Administrator, or the repository owner.
A user with Write or Delete permission can change which permission set is assigned to an object.
Web Publisher users only: If the user does not assign the default permission set, the Content Server assigns a default permission set according to the setting in the default_acl attribute in the server config object.