Grant and deny permissions
Assets will automatically inherit the permissions applied to the parent asset.
No permissions apply to an asset if none are granted. You can grant either read, write, or admin permission to either a user, user group, or role.
You can also deny read, write, or admin permissions to a particular asset, to prevent a user, user group, or a role from accessing a particular asset.
If you choose to grant or deny access to a user group, all users in that group will automatically inherit those permissions.
You do not have to grant permissions to individuals in that group explicitly. The same is true for roles. If you grant or deny access to a role, all users or user groups assigned that role on that asset will automatically inherit those permissions.
Common permission outcomes
The following are some common permission examples based on granting or denying access on the Permissions screen of an asset:
- Grant public read permission
-
The public will be able to view the asset’s content from the frontend of your site.
- Grant read permission to a user group containing users
-
Signed-in users in that user group can view the content on the frontend of your site.
- Grant read permission to a user group containing backend users
-
Backend users in that user group can view the screens of the asset in the administration interface. However, they will not be able to edit it.
- Deny read permission to a user group containing backend users
-
Backend users in that user group can see the asset in the asset tree. However, they will not be able to view any of its screens.
- Grant write permission to a user group containing backend users
-
Backend users in that user group can edit that asset and create child assets.
- Grant admin permission to a user group containing backend users
-
Backend users in that user group will be considered administrators of the asset.
They can perform all functions on the asset, including making the asset live, changing permissions, and applying metadata and workflow schemas.
- Deny admin permission to a system administrator or the root user
-
Matrix will ignore this setting. System administrators and the root user have access to all assets within the system, regardless of permissions applied.