Author: Lindqvist Andreas, Teknikhuset AB.

Published: 2004-06-10

Applies to: Content Studio ver. 4.0 +

Type: How to


More information

All objects in the Content Studio document system (i.e. the site root, units, categories and documents) have a corresponding folder or file in the underlying file system. A request from the Internet typically goes to the main default.asp file and is then redirected to the file that represents the requested document or documents in the file system, without reading any content from the database. The database only looks up the requested document id (the id parameter in the query string) and translates it into a physical file name. During the lookup the caller's permission is checked, and if the BROWSE permission is not found Content Studio denies the request and refuses to return any file name. To bypass this security check a caller would have to request the file directly. This is virtually impossible since the file name consists of a GUID plus the original file extension, and there is no possibility to guess the GUID that represents the file or to find it using brute force.

In addition, Content Studio also adjusts the DACL of any underlying object where the BROWSE permission is granted or denied. The BROWSE permission in Content Studio is translated into the READ/EXECUTE permission in the file system. This has the consequence that no trustee besides the CS_Runtime account has any permission higher than this. One exception is the Administrators group, which is given the WRITE DACL permission in addition to the READ/EXECUTE permission. This makes it possible for an administrator to make changes in the file system by first granting themselves the permissions needed before doing their work. There is normally no need to do this except when running the installation program, and therefore the Administrators alias is given the MODIFY permission on the site root in order to be able to update the site root files such as default.asp and global.asa.
The other permissions in Content Studio are not stored in the file system, since all work besides reading is done by the CS_Runtime account. Documents and folders are created, updated and deleted exclusively by this account. This also has the effect that all these objects are owned by this account, unless CS_Runtime is a member of the local Administrators group, which is something you should avoid by all means.
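The permission model described above can be checked against a live site with the following audit script. It is an added example and not part of Content Studio; the site root path, the name of the CS_Runtime account and the Administrators group name are assumptions that must be adjusted to the installation. It walks the site folder tree and reports any object not owned by CS_Runtime and any Allow ACE that grants a trustee more than the model permits (READ/EXECUTE for everyone, plus WRITE DAC for administrators and MODIFY for administrators on the site root itself).

```powershell
# Added audit example (not Content Studio code). Assumed values: site root path,
# CS_Runtime account name and the administrators group; adjust for your site.
param(
    [string]$SiteRoot       = 'D:\ContentStudio\Sites\MySite',  # assumed, adjust
    [string]$RuntimeAccount = 'MYDOMAIN\CS_Runtime',            # assumed, adjust
    [string]$AdminGroup     = 'BUILTIN\Administrators'
)

$readExec  = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$writeDacl = [int][System.Security.AccessControl.FileSystemRights]::ChangePermissions  # WRITE_DAC
$modify    = [int][System.Security.AccessControl.FileSystemRights]::Modify

$rootItem = Get-Item -LiteralPath $SiteRoot -Force
$items    = @($rootItem) + @(Get-ChildItem -LiteralPath $SiteRoot -Recurse -Force)

foreach ($item in $items) {
    $acl    = Get-Acl -LiteralPath $item.FullName
    $isRoot = ($item.FullName -eq $rootItem.FullName)

    # Every object under the site root should be owned by CS_Runtime.
    if ($acl.Owner -ne $RuntimeAccount) {
        Write-Output ("OWNER   {0} : owned by {1}" -f $item.FullName, $acl.Owner)
    }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who    = $ace.IdentityReference.Value
        $rights = [int]$ace.FileSystemRights

        # CS_Runtime is the only account expected to hold write access.
        if ($who -eq $RuntimeAccount) { continue }

        # Browsers get READ/EXECUTE; administrators additionally WRITE DAC
        # everywhere and MODIFY on the site root (default.asp, global.asa).
        $allowed = $readExec
        if ($who -eq $AdminGroup) {
            $allowed = $allowed -bor $writeDacl
            if ($isRoot) { $allowed = $allowed -bor $modify }
        }

        # Any bit outside the allowed mask is an excess right. Generic rights on
        # inherited ACEs appear as negative values and are listed for manual review.
        $excess = $rights -band (-bnot $allowed)
        if ($excess -ne 0) {
            Write-Output ("EXCESS  {0} : {1} holds {2}" -f $item.FullName, $who, $ace.FileSystemRights)
        }
    }
}
```

An empty report means the tree matches the model; an OWNER line on many objects is the typical sign that CS_Runtime has been made a local administrator.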