Skip to content. | Skip to navigation

Personal tools

Navigation

You are here: Home / Plone Help / State Management and Sharing

State Management and Sharing

Learn how to make content private, viewable to those who are logged in, or viewable to the world without logging into Plone. Also learn how to allow individuals or groups to modify content.

Overview

Plone uses a combination of State Management and Sharing to determine who is allowed to view and/or edit content.  Both are equally important; they work in tandem.

State Management

Most Plone content has an associated state.  Items that do not have their own state such as images and files, inherit the state of the folder where they are stored.  States work in conjunction with sharing permissions to determine who can see and/or edit different content in the Plone site.  The following figure shows the states available for an Intranet/Extranet site as well as the possible transitions between them.

Consider the following points while reviewing the figure.

  • The initial state for new content is 'Internal Draft'.
  • An editor is anyone who is adding content to- or editing content in a Plone site.
  • A reviewer is a person who has been granted permission to publish content internally or externally.  These roles are assigned to users with Plone's account maintenance function.
  • Only content that is externally published may be viewed without logging in.
  • Content cannot be edited without logging in.
  • A logged-in user must have appropriate sharing permission to view or edit content. Please see the Sharing section below for details.
States for an Intranet/Extranet site

 (Click the image to enlarge it.)

Back to top

Sharing

Sharing Tab

Sharing is used to grant permission to groups of users or individual users either to view or modify Plone content.  (Please see the documentation on user and group maintenance for more details.)  If you have sufficient privilege to change the sharing settings for a Plone content item, a sharing tab will be available when viewing the content as in the example to the right.  To access the settings, click the Sharing tab, which displays a screen similar to the following.

Sharing Screen

 (Click on the image to enlarge it.)

As you can see from the example, there are four permissions that can be granted for any content item in Plone (e.g., pages, folders, etc.):  add, edit, view, and review.  Depending on the level of privilege you have, you may see all or only some of them.  Note that there is one row in the table for each user or group to which permissions are assigned.  To add a user or group to the list, type all or part of the user or group name into the search box and click the Search button.  All users or groups that match your search string will then automatically appear in the list.  Check the appropriate box to grant a permission to a user or group.  For example, to assign 'Can add' permission to the Web Office group in the image above, check the box in the 'Can add' column of the 'Web Office' row.

Also notice the 'Inherit permissions from higher levels' checkbox.  When checked, any permissions assigned to the folder above where you are working are automatically assigned to the content for which you are changing the sharing permissions.  Permissions that are granted at the current level appear as a square box containing a check.  Permissions that are inherited from the parent folder appear as a green, circled check mark.  Inheriting permissions is a very powerful feature because it allows you to assign permissions at some upper level and allow everything below that point including subfolders to have the same set of permissions.  If, however, you wish to "start fresh" at some level, then remove the check from the box in front of this option.

The table below summarizes how each of these sharing options affects individual content types.

Folder Sharing

For content type
When Can add is checked,
the user/group can...
When Can edit is checked,
the user/group can...
When Can view is checked,
the user/group can...
When Can review is checked,
the user/group can...
Page
  • view the page
  • copy the page
  • view the page
  • edit the page
  • change the 'Can edit' sharing setting
  • change the 'Can view' sharing setting
  • view page history
  • revert to a former version (if any)
  • cut the page
  • copy the page
  • delete the page
  • view the page
  • copy the page
  •  publish the page
Folder
  • view the folder
  • add content to the folder
  • sort the folder's contents
  • copy the folder
  • add items to the folder
  • view the folder
  • edit the folder's properties
  • change the 'Can edit' sharing setting
  • change the 'Can view' sharing setting
  • sort the folder's contents
  • copy the folder
  • change the display layout
  • view the folder
  • publish the folder

When setting permissions, consider these points.

  • Sharing settings are additive.  For example, if both 'Can add' and 'Can edit' are checked for a page, the user/group will have all the permissions from both settings.
  • In general, it is best practice to assign permissions to groups instead of individual users.  Using this approach makes maintaining security much easier.

Files and images do not have their own sharing settings.  Instead, they inherit their sharing permissions from the folder where they are stored.  The following table summarizes what operations can be performed on a file/image when the different sharing settings are checked for the folder where it is stored.

When the folder's Can add setting
is checked, the user/group can...
When the folder's Can edit setting
is checked, the user/group can...
When the folder's Can view setting
is checked, the user/group can...
When the folder's Can review setting
is checked, the user/group can...
  • view the file/image
  • edit the file/image
  • transform the image
  • change the 'Can add' sharing setting
  • change the 'Can edit' sharing setting
  • change the 'Can view' sharing setting
  • copy the file/image
  • view the file/image
  • edit the file/image
  • transform the image
  • change the 'Can add' sharing setting
  • change the 'Can edit' sharing setting
  • change the 'Can view' sharing setting
  • copy the file/image
  • cut the file/image
  • delete the file/image
  • view the file/image
  • edit the file/image
  • transform the image
  • change the 'Can add' sharing setting
  • change the 'Can edit' sharing setting
  • change the 'Can view' sharing setting
  • copy the file/image
There is no added benefit to
checking this sharing setting
for files or images.

Note:  Because (1) files and images inherit sharing permissions and (2) content must begin in the 'internal draft' state, it is not possible for anyone but the administrator to place an image or file into a folder that is pending review, published internally, or published externally.

Back to top

Document Actions