Removing Publish right

The Read/Write permissions by default allow for the user to be able to publish documents as well. Can you remove the right to publish from those who have Read/Write permissions?

I want the members to have read/write permissions, but I only want the Admin to be able to actually publish documents.


0 votes

1 answers



There is a “Can ask for publishing” that can be denied, but it does not work properly:

This permission is intended to solve this problem:

The “Can ask for publishing” permission is intended to be denied, so as to restrict the actions available to users with “Read” permission, typically to enable users to see the content of a section without being able to publish in the section.

Nuxeo 6.0 apparently solves the problem.

0 votes

"Can ask for publishing" does work, as mentionned in your link, in order to work properly you have to take care to declare this ACL before the Read one.

One should always consider the order of ACLs … although they have to be exported to be seen


Hi pibou,

I'm afraid it does not. If you read the post, you can see I tested declaring the deny privilege first.

Could you please test it with the Nuxeo VM and provide steps to get it working?

Anyway, if it worked, having to export the ACL to understand what privilege is granted does not seem as a desirable behaviour.



As mentioned Nuxeo 6.0 fixes this. Keep in mind that Nuxeo is a platform, and not everything that's possible at the API level is exposed in the default UI provided. Customizing the UI to expose more fine-grained information is possible.