A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More.
AI OnAI Off
Solution for Handling File Upload Permissions in Episerver CMS 12
This is probably the solution for your question How to: set access right to folders - Quan Mai's blog
Feb 07, 2025 8:48
Farhin
- Feb 08, 2025 0:45
Thanks, Quan. This worked like a charm! However, I do have a follow-up question, and I’d appreciate it if you could shed some light on this. I’ve created custom groups in Optimizely, "Author" and "Approver." I added them as follows, but the files were still not accessible until I added the "Everyone" role. This same issue occurred in CMS 11 as well. Shouldn’t custom roles work?
writableDescriptor.AddEntry(new AccessControlEntry("Everyone", AccessLevel.Read, SecurityEntityType.Role));
writableDescriptor.AddEntry(new AccessControlEntry(author, AccessLevel.Read | AccessLevel.Create | AccessLevel.Edit | AccessLevel.Delete, SecurityEntityType.Role));
writableDescriptor.AddEntry(new AccessControlEntry(approver, AccessLevel.Read | AccessLevel.Create | AccessLevel.Edit | AccessLevel.Delete | AccessLevel.Publish, SecurityEntityType.Role));
writableDescriptor.AddEntry(new AccessControlEntry("Everyone", AccessLevel.Read, SecurityEntityType.Role));
writableDescriptor.AddEntry(new AccessControlEntry(author, AccessLevel.Read | AccessLevel.Create | AccessLevel.Edit | AccessLevel.Delete, SecurityEntityType.Role));
writableDescriptor.AddEntry(new AccessControlEntry(approver, AccessLevel.Read | AccessLevel.Create | AccessLevel.Edit | AccessLevel.Delete | AccessLevel.Publish, SecurityEntityType.Role));
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
Hello,
We are currently working with Episerver CMS 12 and have a challenge related to file upload permissions. In our setup, we have two custom groups mapped: "Author" and "Approver." Authors have all permissions except Administer rights.
We’ve set up Episerver forms, including a file upload element. After users submit the form, an email is sent to a defined group with the details of the submission, including a link to the uploaded file. However, when the designated users click on the file link in the email, they receive a "resource not found" error.
In CMS 11, we were able to resolve this by explicitly adding permissions to a folder named "Uploaded Files," as suggested in this article:
Episerver Forms: Public Access to Uploaded Files
However, with CMS 12, the EditSecurity.aspx approach is no longer supported.
Does anyone have a solution or alternative way to handle file access permissions for uploaded files in CMS 12?
Regards.