A user is member of a group with view, edit and add permisssions to folder A.

The user is not allowed to edit ADD attributes on folder A. The add permission column is greyed out.

When the user adds a folder B in folder A, the user cannot edit the add permissions on folder B. The add permission column is greyed out.

When editing attributes after folder B has been created (with permissions inherited from folder A) the user cannot edit the Add permissions even though the user has Edit and Add permissions on the folder.

The portal has 25 roles, DMX version 5.1.3.

How do I set up the permissions to allow users to edit the ADD permissions?

Hi Tor,

What you're referring to are the "permission permissions". These are actually flexible but there is no UI. There is a table DMX_PermissionPermissions which links roles to Permissions. You'll see All Users have access to VIEW and EDIT and only admins can do ADD and APPROVE. Just change this and you should see it in the UI. Note though that this is portal-wide.

Peter

Glad I found this article - "permission permissions" as you call them are important to users like me who grant specific, non-admin rights to folders and want to delegate the permission management to users of my site for that folder tree.

I'd like to suggest that you add a new Help Document on these "Permission Permissions" so people like me don't have to scan forums for this info - very fundamental authority management use case IMO.

Love this module!

Along the lines of this permission permissions feature, I'd also like to suggest you consider adding a new feature:

On top of VIEW, EDIT, ADD and APPROVE permission types, why not add PERMISSION as a type? This way, you can explicitly grant users the rights (or remove the rights thereby removing the Permissions tab) to grant permissions for a folder/sub-folder.

The use case is this: I set up DMX for a client who has their own clients that need to log in and add files, so I had to give certain roles in the DMX_PermissionPermissions table access to ADD and APPROVE. When my client's clients log in and Edit Attributes, they see the Permissions tab and can actually remove access to their folder from my client or any roles - this is not good! I want my client to be able to manage permissions but I do NOT want THEIR clients to even see this section of the Edit Attributes page. After briefly reviewing your architecture, it seems a new permission type would be the most natural way to allow for this.

Hope this suggestion finds you well, don't see a place to request features officially.

Best regards,
Caleb Blanton

Hi Caleb,

Interesting idea. I'll add it to the wish list.

Peter

Hi there, I am using dnn 5.6.0 and just installed latest DMX. Have users assigned to a role where they have some admin permissions and tried adding roleID 8 (the LIMITED ADMIN ROLE) with 2 entires in dmx_permissionPermissions so they have permissionID 3 & 4 (which I see in the table is the same for user ID 3 - portal administrator). However, it still doesnt give the option to those users for adding files. This is in a child portal.

Am I missing something? Thanks in advance, Jon

Hi Jon,

The ability to add files is independent of DMX_PermissionPermissions. It depends on the permissions of the folder you're in. The root folder is only for portal admins. They create a first layer of folders for the application (see getting started document). DMX_PermissionPermissions governs the ability to check the checkboxes in the permission grid of an item.

Peter

Thanks Peter, its working great now... Cheers, Jon

I noticed this post searching for information on Edit and Add permissions. If I give Add permission but not Edit does this mean someone can only post items and not delete or move items?

Hi Lewis,

No. What it will mean in practice is that the user will be able to add new items and subsequently edit them as well but he/she won't be able to edit the containing folder.

Background: in DMX 3 there was only VIEW and EDIT. The downside was that if you wanted to give someone the ability to add content to a folder you needed to give EDIT rights on the folder. That was unwanted in many situations. So ADD was introduced.

Peter