Some customers may want to prevent unauthorized users from accessing site assets/files. In the Digital Asset Manager (DAM), when using "Standard" folder type, unauthenticated users may still be able to access the files within the folder even if it is restricted to specific users and roles. They just need the file URL to view/download it. To solve this, a "Secure" folder type may be used.
Superuser access to the site
To prevent unauthenticated users from accessing the files via the file URLs, you need to use a "Secure" folder type and update the appropriate folder permissions.
- Log in to the site as Superuser.
- Browse to the page where the DAM module is located.
- In the appropriate directory, add a "Secure" folder type.
- Right-click on the newly created "Secure" folder and select Properties.
- Go to the Permissions tab and set the necessary permissions.
Get the file URL of a file in the secure folder (right-click and select 'Get URL') and browse through it via an Incognito/Private Browser tab. It will prompt you to log in to the site.