Hello - I'm trying to hide the Files and Images tab from our users because I can't allow them to delete other user's files or replace them (we can put group sharing and mapped drives behind the scenes for a work-around).

I can't use Hamish's Secure Files because we are running on IIS7 (the job states that I do). When I create a ROLE (or even if I don't use Role), I give them "Pages" access but do NOT check the FIles and Images. It doesn't matter.... when that user logs in, they see it - and have full control. I did upgrade from 2.3 - could this be the problem?

How does everyone else in a CMS enviornment control the Assets folder - this seems like a pretty big deal for me and it shouldn't be up to Hamish and his team to come up with a solution. This should be at the base level of any CMS (... or am I crazy?)

Help - we go live month - and I'm getting a little nervous with the boss(es) asking me about Security related issues....

Ugh...

Oh yes - Martijn - you are my hero! That what it was - the "Parent" group still had those permissions and was over-riding the new role.
THANK YOU! I marked the Title as - SOLVED. I appreciate the quick response and I'm on my way to breathing easy now... Time for some coffee... whew.