Tridion Permissions Quick Check

As 2014 winds down, I'm revisiting the odd draft post left in my blogging queue. This one was a quick email answer to a colleague on how to troubleshoot not being able to read or see a folder in Tridion.

The first "gotcha" is that we have two “inheritances” with folder permissions:
  • The settings from the item’s (BluePrint) parent, if any. These will match the shared, parent item if the item is not localized (i.e. shared from above).
  • The settings from the item’s in-context (same Publication) organizational parent. The "Inherit Security Settings from Parent"* checkbox in the folder’s permissions in properties controls this. Clearing this checkbox lets us change the permissions within that branch for the given Publication, which is then inherited down.

*Peter Kjaer explained that the "Inherit Security Settings from Parent" setting is stored as "IsInheritanceRoot=false", and Dominic Cronin points out that you're responsible for managing the difference when you create such Inheritance Roots (good stuff, thanks guys). I'd say this is akin to localization, where the flexibility's great but has overhead costs in terms of maintenance for the variations.

Also, when reviewing permissions, double check:
  • Are the folders localized in any of the Publications?
  • Is the Inherit Security Settings from Parent setting set?
  • Click on Show Exceptions to see if anything else is explicitly restricted
  • Does the user or its groups have rights in the Publication?
The Show Exceptions feature is somewhat hidden (and probably for good reason--it's hard enough giving permissions and managing the results without also considering exceptions). 

Finally, hiding folders users don't have access to is controlled by a server setting (in Tridion's MMC Snap In on the Content Manager server). Whether you choose this depends on what you value. Personally, I prefer hiding folders users don’t have access to—it makes it easier to choose and navigate from the given options. But I understand there’s a (possibly slight) performance impact because the system can’t simply show you all the folders at a given level. It must check each folder to know what to show.

My professional recommendation is to start with one approach or the other and adjust if one aspect hurts more (finding items, versus waiting for folders to appear). When in doubt, at least start with something.
