Preventing deleting asset folders and regular folders for all roles except admin

Since we are having a problem with users deleting asset folders and regular folders without our knowledge, we need some kind of new “delete” permission… see screenshot attached.

Aaron, great idea! I love this…

This seems really, really, really important. Any movement on this? This seems like a huge vulnerability to me.

Not yet I’m afraid. However, we are spending some time looking at governance in general so we’ll be sure to add this to the group of features we review in that process.

Please vote if this is important to you so we can prioritize our work based on what you want!

I’ve voted already, and today I lost half a day’s worth of work because someone deleted a folder by accident. This does not seem like a Feature, this seems like something that any CMS should have. I’m extremely bothered that there’s no undelete/recover files/assets function.

Hi all,

I’m not sure if this is exactly what you’re looking for, but this might work for you:

Log in as an Admin user and select the Assets folder you’d like to change the permissions of. This will only work for folders you have created yourself and not the default system /Assets directories such as Uploads, Polls, Calendars, etc.

Click the gear box on the top right of the user interface and select ‘Folder Properties.’

From here, expand permissions and choose ‘All users may:’ Read (use content, but not modify, add or remove it).

With this set, only Admin users will be able to remove that directory. Let me know if this helps or if you have more questions.

Chris W

Whoops, I meant to specify choosing Write (modify, add, remove and use content).

This will allow users to edit/add the content within a directory (including sub directories), but not delete the folder. Let me know if this helps.

Chris W

@chris - I have done like this before. It only worked for first level folder but the changes does not apply the rest of the folders inside it. Imagine you’ll have to go to folder properties for each folders… not very effective.

Hi Aaron,

Agreed. This would be nice to implement as a more robust feature. As Peter stated, we are reviewing some potential improvements to governance. I’m going to convert this to an idea, and add this to the list of ideas we have around governance.

Chris W

Oof, I don’t even want to think about having to set permissions on every folder… I’m not paid enough haha.

Any updates on this feature?

Hi Shon,

Not yet. There are a few things that have moved in front of this category of features.

One quick alternative would be for us to either make delete only available to Admins globally or to make that a server side configuration option.  My concern if we did that would be that then admins would get calls for every item that someone wants to delete.

I am not sure what people would think of that as a short term alternative feature?

Thanks Nate.

I don’t think that solution would be viable in our case; users will need to delete child folders they create.

Ideally, what would work for us, would be “folders that were created by admins could only be deleted by admins”.

As a workaround, we’re changing all of those specific folder permissions from “administer” to “write”. It just seems like a lot of manual work. :slight_smile:

Best regards,

The Folder API can be used to script that.   Any client scripting language that supports REST is supported by the API.  I think Sam was testing this out to make sure it was working for your use case before responding on the Support Ticket. 


I had to space this because it kept reformatting the url.

 https:// < your instance> / cm/api/index.html#!/folders/updateFolder

It will give you a Swagger interface for testing/browsing the API.  The permissions on the Folder are exposed there. There is some additional information on the API here: