Submit Feedback
Liferay Headless Content Management System

Managing Permissions in the Content Management System

Release Feature (LPD-17564) Liferay DXP 2026.Q1+

Space admins configure permissions for spaces and other headless CMS elements, including folders, assets, vocabularies, categories, and content structures. They can also define default permissions at the space or folder level so new content, files, and folders automatically follow a consistent configuration.

See Content Management System Permission Reference for a complete list of available CMS permissions.

Managing Space Permissions

Important

Activate the headless CMS using release feature flags. See Activating the Liferay CMS for more information.

  1. Open the space.

  2. In the space overview, click Actions (Actions Menu) → Permissions next to the space name (1).

  3. Alternatively, navigate to All Spaces and click Actions (Actions icon) → Permissions for the space you want to configure (2).

  4. For each role, check the boxes to assign permissions.

  5. Click Save.

Access the space overview or the All Spaces section to manage permissions for a space.

Once you save these settings, they define the baseline access for users entering the space.

Managing Permissions For Other Elements

You can configure permissions individually for folders, content structures, assets, vocabularies, and categories when you need more granular control than the default permissions applied at the space/folder level.

  1. Open the Global Menu (Global Menu) and click CMS.

  2. In the left menu, select what you want to configure:

    • Contents or Files under Assets for content, files, and folders.

    • Content Structures under Admin for content structures.

    • Categorization under Admin for vocabularies and categories.

  3. Click the item’s Actions (Actions Menu) → Permissions.

  4. For each role, check the boxes to assign permissions.

  5. Click Save.

Applying these granular settings ensures that sensitive assets or specific vocabularies remain restricted regardless of broader space-level access.

Managing Default Permissions

Default permissions define the permissions applied to new sub-folders, content, and files in a space/folder. These defaults apply only to items created after the configuration.

  1. Open the space or navigate to the folder.

  2. Click Actions (Actions Menu) next to the item and select Default Permissions.

    Alternatively, navigate to All Spaces and click Actions (Actions icon) → Default Permissions for the space.

    Tip

    Restore the original Liferay defaults by selecting the Reset to Default Permissions action.

  3. The Edit Default Permissions modal includes

    • Default Folder Permissions: appears for every space and folder. These permissions apply to all sub-folders created inside it.

    • Default Content Permissions: appears for every space and for folders that store content. These permissions apply to all new content created in that space or folder, including its sub-folders.

    • Default File Permissions: appears for every space and for folders that store files. These permissions apply to all new files uploaded to that space or folder, including its sub-folders.

    Edit default permissions through the Edit Default Permissions modal.

  4. For each role, check the boxes to assign permissions.

  5. Click Save.

Note

Default permissions apply only to newly created items. Existing entries remain unchanged unless you use the Edit and Propagate Default Permissions action to update them.

Establishing these defaults streamlines your workflow by ensuring all future assets automatically inherit your preferred configuration.

Propagating Default Permissions

Use the Edit and Propagate Default Permissions action to update permissions for both new and existing items in a space or folder.

To apply and propagate default permissions to existing items,

  1. While managing default permissions, select the Edit and Propagate Default Permissions action.

    Define how folder permissions inheritance should behave in the CMS.

  2. Select a tab: Default Folder Permissions, Default Content Permissions, or Default File Permissions (1).

  3. Configure the permissions for each role (2).

  4. Check I understand that these changes will also affect existing entries (3) and click Save and Propagate (4).

Assign permissions that should be inherited from folders.

Use this propagation method to synchronize your current security requirements across your existing library of content and folders.

Managing Permissions by Role

You can define and manage permissions for individual roles or in bulk to configure access for teams and departments.

  1. Select the checkbox for the folder, content, or file you wish to modify.

    Select the asset's checkbox.

  2. Click Actions (Actions Menu).

    Select Actions.

  3. Select Edit Default Permissions by Role or Edit Permissions by Role.

    Note

    While Edit Default Permissions by Role is visible for all three assets, it only applies to folders. Use Edit Permissions by Role for individual content and files.

    Select one of the options to edit by role.

  4. Select the desired role and apply the permissions.

    Note that you can also browse through the folder, content or file permissions tab while editing the default permissions by role.

    Select the desired role and apply the desired permissions.

Managing permissions by role enables you to scale access control efficiently as your team grows.

Capability:
Content Management System
Resource Type:
Official Documentation
Deployment Approach:
Liferay PaaS
Liferay SaaS
Liferay Self-Hosted
How To related to this article