Configuring document permissions

Permissions for access to Kentico documents can be configured at three levels of a three-level permissions hierarchy. Click the links in the Document permission level column to learn more about each of them.

Document permission level

Granted to

Applied to

Configurable in

Permissions for all content


all documents

Permissions application

Permissions for document types


all documents of one particular document type

Permissions application

Document-level permissions (ACLs)

roles or individual users

one particular document

Pages application -> Properties -> Security

Permissions from these three levels are merged together when checking if a user is permitted to perform an action with a document. For example, to read a CMS.News document, a user must have the Read permission on at least one of the three levels: either on the document-level, or for the CMS.News document type, or for all content.

There is also one special setting that allows hiding of documents in the content tree depending on document permissions granted to the current user. See theĀ Hiding documents in the content tree based on permissions for more information on this possibility.