Hi,

This is in reference to the forum post I created regarding handling file upload permissions in CMS 12:

https://world.optimizely.com/forum/developer-forum/Developer-to-developer/Thread-Container/2025/2/solution-for-handling-file-upload-permissions-in-episerver-cms-12/

The proposed solution involved creating a scheduled job to retrieve the Uploaded Files folder ID and update the roles accordingly. Unfortunately, the link to the solution appears to be broken. Here's the code snippet for the scheduled job that was suggested by another user, which worked well.

        public override string Execute()
        {
            // Notify job execution start
            OnStatusChanged($"Starting execution of {GetType()}");

            try
            {
                var siteDefinitions = _siteDefinitionRepository.List().ToList();

                if (!siteDefinitions.Any())
                {
                    OnStatusChanged("No site definitions found.");
                    return "No sites to process.";
                }

                foreach (var siteDefinition in siteDefinitions)
                {
                    var startPage = _contentLoader.Get<StartPage>(siteDefinition.StartPage);

                    // Skip if no folder ID is set
                    if (string.IsNullOrWhiteSpace(startPage.OptimizelyFormUploadedFilesFolderId))
                        continue;

                    var pageData = _contentRepository.Get<PageData>(startPage.ContentLink);
                    var aclEntries = pageData.ACL.Entries;

                    // Get author and approver for the site
                    var accessControlEntries = aclEntries as AccessControlEntry[] ?? aclEntries.ToArray();
                    var author = accessControlEntries.FirstOrDefault(x => x.Name.Contains("Author"))?.Name;
                    var approver = accessControlEntries.FirstOrDefault(x => x.Name.Contains("Approver"))?.Name;

                    if (string.IsNullOrEmpty(author))
                    {
                        Logger.Warning(
                            $"No 'Author' found in ACL for site {siteDefinition.Name}. Skipping permissions update.");
                        continue;
                    }

                    if (string.IsNullOrEmpty(approver))
                    {
                        Logger.Warning(
                            $"No 'Approver' found in ACL for site {siteDefinition.Name}. Skipping permissions update.");
                        continue;
                    }

                    var contentLink = new ContentReference(startPage.OptimizelyFormUploadedFilesFolderId);
                    var content = _contentRepository.Get<IContent>(contentLink);

                    if (content is IContentSecurable securable)
                    {
                        try
                        {
                            var descriptor = securable.GetContentSecurityDescriptor();
                            var writableDescriptor = (IContentSecurityDescriptor)descriptor.CreateWritableClone();

                            writableDescriptor.Clear();
                            writableDescriptor.AddEntry(new AccessControlEntry("Everyone", AccessLevel.Read, SecurityEntityType.Role));
                            writableDescriptor.AddEntry(new AccessControlEntry(author, AccessLevel.Read | AccessLevel.Create | AccessLevel.Edit | AccessLevel.Delete, SecurityEntityType.Role));
                            writableDescriptor.AddEntry(new AccessControlEntry(approver, AccessLevel.Read | AccessLevel.Create | AccessLevel.Edit | AccessLevel.Delete | AccessLevel.Publish, SecurityEntityType.Role));

                            // Save updated permissions
                            _contentSecurityRepository.Save(contentLink, writableDescriptor, SecuritySaveType.Replace);
                            Logger.Information($"Updated permissions for content: {contentLink}");

                            //One the access rights are updated, clear the folder id from Start Page
                            var writableDescriptorForStartPage = (StartPage)startPage.CreateWritableClone();
                            writableDescriptorForStartPage.OptimizelyFormUploadedFilesFolderId = string.Empty;
                            _contentRepository.Save(writableDescriptorForStartPage, SaveAction.Publish, AccessLevel.NoAccess);
                        }
                        catch (Exception ex)
                        {
                            Logger.Error(
                                $"Error while clearing and updating permissions for {contentLink}: {ex.Message}", ex);
                            return $"Error: {ex.Message}";
                        }
                    }
                    else
                    {
                        Logger.Warning($"Content at {contentLink} is not securable.");
                    }
                }

                OnStatusChanged("Successfully updated Optimizely Forms File Upload Folder access");
                return "Successfully updated Optimizely Forms File Upload Folder access";
            }
            catch (Exception ex)
            {
                Logger.Error("Error while updating Optimizely Forms File Upload Folder permissions.", ex);
                OnStatusChanged("An error occurred during the execution.");
                return $"Error: {ex.Message}";
            }
        }

However, once folder access is granted, any new files added to the Uploaded Files folder cause the permissions for all files within the folder to revert to restricted. Since EditSecurity.aspx is no longer available in CMS 12, is there an alternative way to manage access to uploaded files?

Any input is appreciated.

Regards.