Permissions

A user group policy contains rules that consist of:

Permissions, which define access at the data level (on assets, content, or any data from another entity definition) or at the interface level (pages). They determine what a user can see or do. Permissions are defined on a target entity definition and are always positive. You cannot deny permissions using user group policies.
Conditions, which determine how the permissions are applied and on which entities. Using conditions you can apply permissions to specific entities in the entity definition instead of to the entire entity definition.

Permissions
Permissions by operation

The following table describes permissions. Which permissions are available depends on the entity you select when you define the rule.

Note

When you have a user group policy with a taxonomy as a condition and you want to grant write permission, you must include all taxonomies to be able to update entities.

Permission	Allows users to...	Notes
Read	View any entity in the defined entity definition that fulfills the specified conditions. A user who does not have Read access on an entity is not able to see it in the user interface or in the API. For page content (asset, content, product or any other entity) to be visible, a user must also have Read permission on these entities; otherwise, an empty page is displayed. Enabling this permission for a portal page allows the user to open the page.	Applies to all entities. For content items, the Read permission must be granted for both M.ContentVersion and M.Content.
Create	Create new entities that correspond to the defined entity definition and fulfill the specified conditions.	Applies to all entities.
Update	Modify existing entities that correspond to the defined entity definition and fulfill the specified conditions.	Applies to all entities.
Delete	Delete existing entities that correspond to the defined entity definition and fulfill the specified conditions.	Applies to all entities.
Lock	Lock the orginal version of an asset when a draft version is created.	Applies to assets only. No impact on other entity definitions.
UnlockAlways	Unlock the original asset after the changes are published and the draft is deleted.	Applies to assets only. No impact on other entity definitions.
Submit	Submit assets that fulfill the specified conditions for review.	Applies to assets only. No impact on other entity definitions. This permission does not grant stateflow permissions when transitioning from one state to another.
DirectPublish	Submit assets that fulfill the specified conditions directly and skip the approval workflow steps.	Applies to assets only. No impact on other entity definitions.
Approve	Approve assets that are under review and fulfill the specified conditions.	Applies to assets only. No impact on other entity definitions.
DownloadOriginal	Download the original rendition file for assets that fulfill the specified conditions.	Applies to assets only. No impact on other entity definitions.
DownloadPreview	Download a preview rendition file for assets that fulfill the specified conditions.	Applies to assets only. No impact on other entity definitions.
RequestRestricted	Download restricted assets. Restricted assets are assets that are protected by DRM (Digital Right Management). A download is only permitted for users who are assigned this permission and only after verifying that the intended use of the asset that the user declares matches with the rights profile of the asset.	Applies to assets only. No impact on other entity definitions.
Order	Create a Download order from any search result set.	Applies to assets only. No impact on other entity definitions.
OrderRestricted	Download restricted assets, including when the intended use is not approved. Restricted assets are those assets protected by DRM (Digital Right Management). A download is only permitted for users with this permission even if the intended use of the asset that the user declares does not match with the rights profile of the asset.	Applies to assets only. No impact on other entity definitions.
CreatePublicLinks	Create public links for assets that fulfill the specified conditions.	Applies to assets only. No impact on other entity definitions.
ReadPublicLinks	View asset public links.	Applies to assets only. No impact on other entity definitions.
ContentPublishing	Publish content to the delivery API.	Applies to assets only. No impact on other entity definitions.
AddVersion	Create a new version of an asset by uploading a new file.	Applies to assets only. No impact on other entity definitions.
CreateAnnotations	Add annotations to assets that fulfill the conditions for the asset entity definition or to add annotations to any content item that fulfills the specified conditions if applied to a content entity definition.	Applies to assets only. No impact on other entity definitions. Requires Create permission on the annotation entity definition itself.
ReadAnnotations	Read annotations on assets that fulfill the specified conditions if applied to an asset entity definity or to read annotations on content items that fulfill the specified conditions if applied to a content entity definition.	Applies to assets only. No impact on other entity definitions.
CreateDraft	Create a draft of an approved entity in order to apply changes. This is useful, for example, when a user does not have Update permissions on entities but needs to be able to create a draft with changes to be validated and implemented. CreateDraft applies to digital content and not digital assets.	Applies to assets only. No impact on other entity definitions. Applies only to entity definitions that have the draft functionality enabled.
Archive	Archive assets that fulfill the specified conditions.	Applies to assets only. No impact on other entity definitions. This permission does not give access to the archived assets.
ViewNotWatermarked	See any rendition of an asset that fulfills the specified conditions without watermarks.	Applies to assets only. No impact on other entity definitions.
ViewFileHistory	View asset alternative files.	Applies to assets only. No impact on other entity definitions. Requires the ReadAudit privilege.
ViewDataHistory	View modifications made on asset properties.	Applies to assets only. No impact on other entity definitions. Requires the ReadAudit privilege.
CreateDiscussion	Create comments on assets.	Applies to assets only. No impact on other entity definitions.
Reassign	Reassign tasks in MRM (Marketing Resource Management).	Applies to assets only. No impact on other entity definitions.
EntityPrint	Generate a PDF from single or multiple entities based on a predefined print template.	Applies to assets only. No impact on other entity definitions.
CreateUserRendition	Create and configure renditions for an asset.	Applies to assets only. No impact on other entity definitions.
DownloadUserRendition	Download asset renditions.	Applies to assets only. No impact on other entity definitions.
ShareViaEmail	Share assets using emails.	Applies to assets only. No impact on other entity definitions.

Note

You do not need specific permissions to download preview and thumbnail renditions.

The following table lists Content Hub operations with the permissions required to use them.

Operation	Permissions required
Annotations	CreateAnnotations ReadAnnotations
Custom renditions	DownloadOriginal CreateUserRenditions
Delete	Delete
Detach from original	Update to save a variant as a standalone entity
Downloads	DownloadOriginal DownloadPreview
Drafts	CreateDrafts Delete to discard a draft
Duplicate	Create
Localize	Create to adapt content or campaigns to a defined language
Preview (without watermark)	DownloadPreview ViewNotWatermarked
Save as new	Update CreateDraft to save an entity as a new version
Share (through email)	ShareViaEmail
Stateflows	Update on the target entity Reassign for task assignment
User renditions	CreateUserRendition DownloadUserRendition

Can we improve this article ? Provide feedback