Collections functions
General functions
Node functions
Render functions
Theme permission functions
User functions
Resource functions

All user permissions

One of the central features of ResourceSpace is the ability to control which resources users are permitted to see and how they are able to interact with them.

Setting user group permissions may grant access as limited as resource viewing only or as open as full edit and download rights. See below for the permission options available within ResourceSpace. Note: all permissions are case sensitive


  • s Can search for resources
  • v Can view confidential (admin only) resources, also download 'restricted' resources
  • g Without this permission, the users in the group will have 'restricted' access to any 'restricted/open' resources.
  • rws? Restrict access to resources in workflow state with reference '?'. Example: setting rws0 would restrict access to resources in 'Active' state.
  • q Can make resource requests.
  • w Show watermarked previews/thumbnails ($watermark must be set in config.php prior to resource upload in order for watermarks to be created.)

Metadata fields / resource types

  • f* Can see all fields
  • f? Can see field with reference ? e.g. f1,f2,f3 (applies to editing, advanced search, and viewing resources).
  • f-? Cannot see the field with reference ? e.g. f*,f-3 means see all fields except field 3.
  • F? DENY write access to the field. The field will not appear on edit or edit all.
  • F* DENY write access to all fields.
  • F-? ALLOW write access to the given field, used with F* to allow write access to specific fields only.
  • T? DENY access to resources with the given resource type ID, also hide this resource type when editing/searching.
  • T?_$ DENY access to resources with the given resource type ID AND the given download size ID, for example T1_scr denies access to the screen size download for photo resources. Use "T1_" (i.e. empty download ID) to deny access to the original resource file.
  • X? RESTRICT access to resources with the given resource type ID.
  • XU? RESTRICT upload access for resources of type ID.
  • X?_$ RESTRICT access to resources with the given resource type ID AND the given download size ID, for example X1_scr restricts access to the screen size download for photo resources.
  • P? Allows edit only access to a specific field on the upload form only. Allows a user to provide a field on upload that is otherwise hidden from them (e.g. confidential information such as subject name).
  • XE? DENY edit access to given resource type
  • XE DENY edit access to ALL resource types by default, to be used in conjuction with the XE? permission
  • XE-? Only for usergroups with XE permission, ALLOW edit access to resources of the given resource type with the XE? permission

Resource creation

    • c Can create resources / upload files (Admin users; resources go directly into usable state)
    • d Can create resources / upload files (Normal users; resources go into 'pre-check' state.)
    • e? Can edit resources in specific archive state, e.g. e0, e1, e2 (includes deletion)
      • e0 Not archived (visible in a normal search)
      • e1 Waiting to be archived (hidden from searches)
      • e2 Archived (visible in archive searches only)

Normally the resource management team will have e0 and e1, and the archive team will have e1 and e2. Further permissions govern access to user contributed resources.

    • e-2 User contributed, awaiting user submission
    • e-1 User contributed, awaiting team review
  • ert? Can always edit resources of the specified resource type in any archive state, can be used if the user does not have access to the admin area for delegation of publishing control
  • ea0 Can edit open access resources
  • ea1 Can set resource access to restricted
  • ea2 Can set resource access to confidential
  • ea3 Can set resource access to custom
  • i Can manage archive resources
  • A Can manage alternative files
  • n Can tag resources using 'Speed Tagging' (must be enabled in config).

Featured collection / collections


  • b Suppress bottom collections frame and all associated collections functionality (not advisable for administrator groups as collections make resource management much easier)
  • h Can publish featured collections, and edit all collections
  • exup Can create external collection upload links
  • hdta Can manage default dash / all user tiles (requires h permission)
  • hdt_ug Can manage user group dash tiles (requires h permission)
  • dtu Can manage own dash
  • j* Can see all featured collection categories. Please note that setting j* after making changes to individual featured collection (sub-)categories will add those changes under the "Custom permissions". In that case to really have j*, will require removing the custom j? or -j? permissions manually.
  • j? Can see featured collection in category. Change "?" with the actual collection ID (e.g. j34)
  • -j? Deny access to featured collection (e.g. -j87). If denying access to a category, access is prevented to sub-featured collections.
  • J Can only search for resources which appear in featured collections allowed by j permissions (not compatible with certain configs or permissions including uploading, as users will be unable to view their own contributions!)
  • X Allows selection of a user group to determine access level when sharing externally so that when accessed options, fields etc. will be viewed as if by a member of that group.

Restrictive permissions


  • p Cannot change own password. Useful for shared user accounts.
  • D Cannot delete resources.
  • noex Cannot share resources externally (internal sharing is still possible, provided $allow_share=true;)
  • nolock Can not lock resources.



  • a Can access system menu
  • t Can access administration menu
  • r Can manage research requests
  • R Can manage resource requests / orders
  • Ra Can assign resource requests to others
  • Rb Can be assigned resource requests (also; can only see resource requests assigned to them in the Manage Resource Requests area)
  • o Can manage content
  • m Can bulk-mail users
  • u Can manage users
  • k Can manage keywords (add/remove keyword relationships and add/remove/rename checkbox/dropdown list options (tags))
  • bdk? Cannot add dynamic tags to the list straight from the field (ie. when on Upload or Edit page)
  • ex Can manage external shares with expiry set to "Never"
  • lm Can manage licenses (users with 'a' will have access anyway)
  • cm Can manage consent records (users with 'a' will have access anyway)

Restrictive group permissions (allows isolated groups to be created)


  • U (upper case) Can manage users in children groups to the user's group only
  • E (upper case) Can email resources to users in the user's own group, children groups and parent group only. Also when using custom access, can only select groups from own group, children groups and parent group. For user list auto-completion (e.g. when e-mailing a resource) the user will only see users from their own group, children groups and parent group.