Digital Hive Folder and File Permissions Explained

This article is updated to reflect functionality as of the 2025.1 release.

Digital Hive allows Administrators, and other privileged users, to create custom folder structures that can organize external content alongside content that is stored within the Digital Hive application. There are different types of content that can be contained within the Digital Hive folder structure.

Digital Hive Folders: These are folders that are created through the Digital Hive UI and the information text, below the title, would only contain the word Folder.

Digital Hive Files: Different types of files can be uploaded to Digital Hive directly. These files can serve as additional content, like PDFs, Powerpoint decks, spreadsheets, etc, or can be used as part of the design process when creating Hives: PNGs, JPGs, SVGs, etc. Similar to the Digital Hive folders, this content can be recognized by the information text only containing the document type.

Shortcuts: This type of object is useful when a custom folder structure is required and instead of duplicating existing content, shortcuts can be used. Shortcuts can be created for Digital Hive folders, files, and third party content. To distinguish them from the original content, there is a shortcut icon at the start of the information text label, below the title.

Third-party Content: Folders, files, and other objects from third-party content systems can also be added to the Digital Hive folder structure. The display card for these objects will look similar to the Digital Hive folder and files but will have the name of the third-party systems, as it is defined in the Digital Hive Control Center.

 

Connector Mount Points: There is one other special type of folder that is created within the Digital Hive folder structure, but points to a third-party system folder. These are the folders that get configured when adding third-party content to the Digital Hive application, called mount points. These folder types will look like shortcuts to third-party systems, but in fact be a Digital Hive folder.

A crucial aspect to interacting with content across multiple information systems is the security on the individual folders and files, or object Access Control Lists (ACLs). These permissions are what allows users to interact with approved content and prevent them from accessing sensitive content that is not in their functional scope. A lot of time and effort was spent securing the content in the external third-party systems, and fortunately, Digital Hive will leverage and respect those security settings. No additional security needs to be applied to the content coming from third-party analytics or content management systems. This means that only folders and files added to the Digital Hive folder structure need to be secured, if required.

How Digital Hive permissions work

The Shared Files folder is the root of the Digital Hive folder structure. By default, the permissions applied to this folder are set to Edit access for Administrators, and View access for Consumers. 

 

Any content (folders or files) that are added to the Shared Files folder will automatically assume those same permissions. While functional, as Administrator and Consumer are built-in Digital Hive roles, they probably won't be granular enough for Production deployments. 

To ensure that all content added has a consistent minimum level of access, it is recommended to set the base level of access on the Shared Files folder so that all new content will adopt that level of access rights as a default.

To change the permissions on the Shared Files folder:

1. As an Administrator, click on the user avatar and select Explore Content
   
2. By default, Shared Files should be the initial view, but if it isn't, click Shared Files from the left hand menu
   
3. Locate either the ellipsis  to the right of the screen or the vertical ellipsis  beside Shared Files near the top of the page and click on it
   
4. Select Permissions which will open the Permissions for Shared Files dialog
   
5. In the Search or enter an AD Group field, locate either the Digital Hive user or role, or the group coming from Active Directory (if AD is being used)
   
6. In the Granted permissions section of the dialog, change the permission level of the newly added user, role, or group so that they have either Edit or View
   
   
7. Press Close

Based on the settings above, all content that is now added to Shared Files will start with a security policy that grants Administrators edit permissions, while Authors and Consumers will have view permissions.

To demonstrate the different behaviour that can occur based on various use cases, three folders were created.

1. Admin & Authors Edit: Administrators and Authors can edit
   
2. Consumers Edit: Administrators and Consumers can edit 
   
3. Consumers View: Administrators can edit and Consumers can view
   

Creating a new folder

When creating a new folder, the default permissions will be inherited from the parent folder. For example, is a new folder is created as a sub-folder to Consumers Edit, the default policy would be that both Administrators and Consumers can edit.

Uploading a file

When creating a file is uploaded, the default permissions will be inherited from the parent folder. For example, is a png file is uploaded to the Administrators & Authors folder, the default policy would be that both Administrators and Authors can edit.

Copying a file to a different folder

When a file is copied and pasted to a folder, the user performing the action is presented with a decision to make: keep the permissions that were originally on the file, or adopt the permissions of the parent folder. 

The correct choice would depend on the scenario and the requirements. For example, if the image that was previously uploaded to the Administrators & Authors folder was now also required by Consumers, then copying the png file and pasting to the Consumers Edit folder, and matching the destination's permissions would be the optimal choice. This would result in two copies of the files, one accessible by Authors and one by Consumers. Administrators would be able to access both. 

If the requirement was to also maintain a copy of the images in a more generic 'Images' folder, then copying the file from the Administrators & Authors folder, pasting it into the Images folder and keeping the permissions from the source would be ideal. This way access for only Administrators and Authors is maintained.

Copying a new shortcut to a folder

Copying a file or folder as a shortcut and then pasting it into a different folder will result in the new shortcut object adopting the permissions of the parent folder. For example, a copy as shortcut action is performed on the Administrators & Authors folder, and then the shortcut is pasted into the Consumers View folder. The resulting permissions on that short cut will be different than the original permissions on the Administrators & Authors folder.

Moving a file to a different folder

When a file is moved to a folder, by dragging content onto a folder in the Folder Browser UI, the user performing the action is presented with a decision to make: keep the permissions that were originally on the file, or adopt the permissions of the parent folder. 

This behaviour is similar to the behaviour when copying a file to a folder. 

When viewing or editing permissions on a folder, it is possible to force the current folder permissions to all objects, folders and files, contained in the structure beneath the current folder. For example, looking at the permissions of the Administrators & Authors folder, the current permissions are visible, but there is an APPLY TO CHILDREN button. When pressed, this button will automatically set the permissions on ALL objects contained within the Administrators & Authors folder. This includes all files and folders that are within the Administrators & Authors folder, as well as the files and folders contained with those folders, and all files and folders contained within those folders, etc. Pressing Apply to Children will recursively set the permissions to match the top level folder to all content beneath it, regardless of how many objects, or how many levels of sub-folders that there are.

Why would you want to apply the same permissions to all children?

There are two main use cases for the Apply to Children feature. The first is to ensure that all content within a particular folder has the same access permissions as the folder. In the previous example, pressing Apply to Children on the Administrators & Authors folder will ensure that all content within that folder will be accessible by the correct Digital Hive roles. This is a way to ensure that if any mistakes were made, the permissions can easily be aligned.

The second use case is to quickly propagate changes to a large amount of objects. For example, the Authors role is going to be divided into two new roles, Internal Authors and External Authors. In order to easily change the permissions on necessary content, the permissions can be changed at the top level folder, Administrators & Authors. Then by pressing, Apply to Children, those permissions will be propagated to all of the content within the folder hierarchy.

Pressing the Apply to Children button will automatically start the process of updating the security policy. Only use this button if mass changes are desired.

• Related Articles

• Digital Hive Auditing Explained

  Question The Digital Hive Control Center doesn't seem to provide any reports or views around usage of the platform. Is there a way to create reports to show metrics like the amount of reports executed by platform, the number of searches being made, ...

• How to Upload an Image file into Digital Hive as an Administrator

  Question There are images that we would like to use during the creation of our Hives. As an Administrator, is there a way to upload the files to Digital Hive so that we don't have to connect to the File System or load the images into a Content ...

• How to Upload an Image file into Digital Hive as Author

  Question There are images that we would like to use during the creation of our Hives. As an Author, is there a way to upload the files to Digital Hive so that we don't have to connect to the File System or load the images into a Content Management ...

• Connecting to the Local Windows File System

  Question How do we connect Digital Hive to the local File System? Answer As a Digital Hive administrator, connecting to the File System can be accomplished via the following steps: Launch Digital Hive and login with an admin account Click your avatar ...

• Digital Hive Load Balancing

  Question Due to the number of users and the critical nature of the BI reports, it is desirable to introduce more capacity into the Digital Hive environment. Can Digital Hive be installed across multiple servers? Answer Digital Hive can be installed ...