Tip: Folder Permissions and the System Folder
By Marc Santosusso-Oracle on Mar 11, 2009
If you've been waiting for folder security in the UPK Library, I know exactly what some of you are thinking, "It's time to lock down the System folder once and for all!" But wait--there are some important things to consider.
Many of the documents in the System folder are used by other features in the Developer. To help you decide how you would like to lock down the System folder without causing any problems for your authors, we've described some of the permissions required by various folders in the System folder below:
Templates (Suggested permission: READ)
If authors do not have permission to READ the Templates folder, they will not be able to open topics in the Topic Editor, because the author will be unable to read the text generated using the templates. It is possible to set permission on the language folders beneath the Templates folder individually. For example, giving an author LIST permission to the Templates/en ("en" for English), would prevent this author from opening topics using the English template, but if the same author had READ permission to Templates/de ("de" for German), they could still open topics which use the German template.
Publishing/Styles (Suggested permission: READ)
If authors do not have permission to READ the Publishing Styles folder, they will not be able to publish or preview content.
Publishing/Help Menu Integration (Suggested permission: READ)
When an author publishes a Player, these files will be needed to integrate the Player into the help menu of various applications.
Icons/Custom (Suggested permission: MODIFY)
If authors are allowed to add icons for frame links, they will need the ability to MODIFY this folder. If authors do not need this capability, READ permissions should suffice.
Icons/Standard (Suggested permission: READ)
Authors will need READ to this folder to open topics in the Topic Editor, even if there are no attachments using these icons.
Roles (Suggested permission: READ)
Authors who need to add roles to modules, sections, or topics will need READ permissions to this folder. Authors who need to add roles to the Master Role List, will need MODIFY permission to this folder.
In summary, most, if not all, authors should have READ permission to the entire System folder, with a few exceptions. You'll notice that there are no default cases where LIST permission is recommended, which illustrates that LIST should be used with careful consideration.
Please share your thoughts on Library permissions in the comments.