CentraSite 10.3 | CentraSite User’s Guide | Asset Management | Managing Assets through CentraSite Control | General Procedures across Assets | Setting Permissions on Asset
 
Setting Permissions on Asset
 
Restricting Access to Asset Profiles
Setting Instance Level Permissions on Asset
Setting Instance Level Profile Permissions on Asset
Propagation of Permissions
To set permissions on an asset, you must have the Manage Assets permission or have the Full instance-level permission on the asset itself.
By default, everyone in your organization is permitted to view the assets that you publish. However, only you (as the owner of the asset) and users who belong to a role with the Manage Assets permission for your organization are allowed to view, edit, and delete these assets. To enable other users to view, edit, and delete an asset that you have published, you must modify the asset's permission settings.
Important:CentraSite Control does not allow you to set permissions on assets of the following types:
*XML Service
*REST Service
*OData Service
*Virtual XML Service
*Virtual REST Service
*Virtual OData Service
When setting permissions on assets, keep the following points in mind:
*To set permissions on an asset, you must belong to a role that has the Manage Assets permission or have the Full instance-level permission on the asset itself.
*You can assign permissions to any individual user or group defined in CentraSite.
*The groups to which you can assign permissions include the following system-defined groups:
Group Name
Description
Users
All users within a specified organization.
Members
All users within a specified organization and its child organizations.
Everyone
All users of CentraSite  including guest users.
*If a user is affected by multiple permission assignments, the user receives the union of all the assignments. For example, if group ABC has Modify permission on an asset and group XYZ has Full permission on the same asset, users that belong to both groups will, in effect, receive Full permission on the asset.
The same principle applies to users who have both role-based permissions and instance-level permissions on the same asset. In this case, users receive the union of the role-based permission and the instance-level permission on the asset.
*If you intend to give users in other organizations access to the asset and the asset includes supporting documents that you want those users to be able to view, make sure you give those users permission to view the supporting documents as well as the asset itself.
You can set the permissions on an asset in two ways:
*Using the Permissions profile in the user interface
You can use the Permissions profile in CentraSite Control.
*Using the Set Instance and Profile Permissions policy action
You can use the Set Instance and Profile Permissions policy action in a design/change-time policy to automatically assign permissions to an asset during any of the following events:
*PostCreate
*PreStateChange
*PostStateChange
*OnTrigger
For more information about creating policies and about using the Set Instance and Profile Permissions action, see the CentraSite Developer’s Guide.