Warning
You're browsing the documentation for an old version of Webiny. Consider upgrading your project to Webiny 5.40.x.
Can I use this?

Webiny Enterprise license is required to use this feature.

This feature is available since Webiny v5.38.0.

What you’ll learn
  • an overview of the features the Folder Level Permissions feature provides and how to use it
  • how the enable Folder Level Permissions

Overview
anchor

With the 5.38.0 release, we’ve expanded Webiny’s Advanced Access Control Layer (AACL), by introducing a brand-new feature called Folder Level Permissions.

Folder Level PermissionsFolder Level Permissions
(click to enlarge)

With this feature, users can define access permissions on a folder level. More specifically, users that are designated as folder owners can now define which users (and also teams with the Teams feature enabled) can access which folders, and what actions they can perform on those folders:

  • Viewer - users can view content, but not modify it
  • Editor - users can view and modify content
  • Owner - users can edit and manage content permissions

Folder Level Permissions can be used across the three main Webiny applications: Headless CMS (content entries), File Manager (files), and Page Builder (pages).

Enabling Folder Level Permissions and Feature Overview
anchor

For Webiny Enterprise users, apart from linking their Webiny project with Webiny Control Panel (WCP), there are no additional steps required to enable Folder Level Permissions.

Once linked, Folder Level Permissions will be automatically enabled and full access users can start using it all three applications: Headless CMS, File Manager, and Page Builder.

Once enabled, note that only users that have the Full Access security role assigned can use the Folder Level Permissions feature. They are the ones that can then assign new owners to folders that can then manage permissions for other users.

For example, if we were to open the Page Builder app, right-clicking on a folder in the tree on the left will open a context menu, now with the Manage Permissions option included:

Manage Permissions OptionManage Permissions Option
(click to enlarge)

Clicking on the Manage Permissions option will open a dialog where we can assign users and teams to the folder, and also define their permissions:

Manage Permissions DialogManage Permissions Dialog
(click to enlarge)

Once permissions are assigned, the icon of the folder changes, indicating that the folder has permissions assigned:

Folder Level Permissions AssignedFolder Level Permissions Assigned
(click to enlarge)

FAQ
anchor

When I Enable Folder Level Permissions, Will All My Existing Users Be Able to Use It?
anchor

No. Only users that have the Full Access security role assigned can use the Folder Level Permissions feature.

In Terms of Access for Other Users, Will Anything Change Once I Enable Folder Level Permissions?
anchor

No. The only thing that will change is that users that have the Full Access security role assigned will be able to use the Folder Level Permissions feature.

But in terms of what users can access, nothing will change. For example, if a user has access to a specific folder, they will still have access to it after enabling Folder Level Permissions. Only by using the Folder Level Permissions feature and setting permissions on a folder level, can you change what users can access.

Can I Use Folder Level Permissions With the Teams Feature?
anchor

Yes. You can assign teams to folders, and then define their permissions.

Can I Assign Permissions to the Root Folder?
anchor

No. The root folder is always accessible to all users.

A workaround for this is to create a new folder, and then move all the content from the root folder to the new folder. Then, you can assign permissions to the new folder.

How Does Folder Level Permissions Feature Work With Existing Security Layer?
anchor

Folder Level Permissions feature is an extension of the existing security layer. It does not replace it.

This means that existing security roles and security teams are still the first thing that is checked when a user tries to access a resource. For example, if user’s security role doesn’t grant access to Page Builder, then the user will not be able to access Page Builder, even if they have permissions assigned to a folder in Page Builder.

Can I Use Folder Level Permissions With API Tokens?
anchor

At the moment, the answer is no. API tokens are not subject to folder level permissions. They will always have access to all folders.