GlobalRights Enumeration Content Studio 5.7 SDK
Content Studio Web Content Management System

[This is preliminary documentation and is subject to change.]

Defines the global rights in Content Studio

Namespace: ContentStudio.Security
Assembly: CSServer5 (in CSServer5.dll) Version: 5.7.5016.0 (5.7.5016.0)

public enum GlobalRights

  Member nameValueDescription
None0 No rights are defined
Logon1 User can log on to the Content Studio web interface.
AdvancedEdit2 Used by the Content Studio web interface when displaying the visual document editor - Webitor. If this right is set the user can see advanced editing features like displaying source code directly.
BypassRevision4 Can bypass revision and publish direct in the Content Studio interface. This bit is valid only when revision support is enabled.
LimitedUserInterface8 If set the user can only use the simple user interface. Users holding the GlobalGroupAdmin flag are excluded from this constraint.
WriteActiveContent16 The user can save document with executable content. Also needed for components and categories that hold components. This right also allows the caller to save uploaded files with restricted file extensions.
Restricted file are defined in the Policies.policy file and by default this policy restricts the the following file extensions that are recognized by the IIS:
  • .ad
  • .adprototype
  • .asa
  • .asax
  • .ascx
  • .ashx
  • .asmx
  • .aspx
  • .asp
  • .axd
  • .browser
  • .cd
  • .cdx
  • .cer
  • .compiled
  • .config
  • .cs
  • .csproj
  • .dd
  • .idc
  • .java
  • .jsl
  • .ldb
  • .ldd
  • .lddprototype
  • .ldf
  • .licx
  • .master
  • .mdb
  • .mdf
  • .msgx
  • .refresh
  • .rem
  • .resources
  • .resx
  • .sd
  • .sdm
  • .sdmdocument
  • .shtml
  • .shtm
  • .sitemap
  • .skin
  • .soap
  • .stm
  • .svc
  • .vb
  • .vbproj
  • .vjsproj
  • .webinfo
  • .exe
  • .com
  • .dll
  • .bat
  • .cmd
  • .awk
  • .jsp
  • .pl
  • .plc
  • .pld
  • .js
  • .ida
  • .php
An administrator can edit the Policies.policy file to change this policy rule.
DestroyDocuments32 The user can delete document from the recycling bin provided that she has DELETE permissions on affected documents. Normally the caller must have admin permissions on the document but this flag bypasses this constraint.
Syncronize64 The user can synchronize document but not delete all the site files. Normally the caller must have globalgroupadmin rights but this flag bypasses this constraint.
RestartWebSite128 The user can restart the web site using the Content Studio API (or from the user interface).

The caller can manage the background service queue.

This right is used by the CS Service Manager background process only and should not be given to other users. By default the SERVICE group, which indicates that the calling process runs as a Windows service, and the local ADMINISTRATORS group have this right and there are no known reasons to assign this right to any other group.


If this right is removed for the Service Manager account (the SERVICE group) all background processes such as asynchronous Xml indexing and Event Actions will stop working.

OwnGroupAdmin512 Allow members to admin group permissions on groups where they are members. This flag is not used in Content Studio version 4.0 and later.
GlobalGroupAdmin1024 User can admin all groups and rights. Callers that have this right are effectively administrators in Content Studio.
ControlOwnObjects2048 User can fully control any object she owns.

A user needs the ControlOwnObjects right in order to be able to change permissions on a securable object when the user is the owner but does not explicitly has permission to change the object's permission settings. Users that holds the GlobalGroupAdmin" right have this right implicitly.

MaxFlags-1 All flag values are set. This value should not be assigned to any object.

Global rights can be assigned to Group objects only and any user member in a group that has a particular right implicitly has that right. You can look at global rights as permissions that are not related to any specific object rather to the system itself, such as permissions to restart the entire site or to rebuild the file system.
See Also