Reports Utilities Documentation Development

Permissions

There are three resources that define how users interact securely with different elements of the cms. These are Users, User Groups and Group Privileges.

User Permissions

Users can belong to different groups and websites as shown below.

Member of user groups:	Root  General Public    Users      Members        Staff      Administrators        Content Editors        Global Editors        Global Administrators        Web designers
Member of websites:	Root  My Website  Liquorice  Extranet  Another Website

If a user belongs to a group which is lower down on the hierarchy, then that user inherits the permissions of the groups that are above it. In the example above, the user is a member of the 'Members' group. This user has the same permissions as 'Users', 'General Public' and the 'Root' group. However, they don't have the same permissions as the 'Administrators' group (or any group below that one) as 'Administrators' is on a different branch to the 'Members' group.

A user can belong to multiple groups, as there may be cases where the user needs to branch across different groups. in this case the user inherits the permissions of the parent groups for all branches that they are a member of.

Users can also belong to multiple websites. This is useful if a website has microsites, with
The Root website is a special case: if a user is a member of this website, they are effectively a member of all websites in the system.

User Group Permissions

Available Resources:	PagesFormsSnippetsStylesheetsTemplatesNews ItemsEmail SubscriptionsEmailsEmail TemplatesFieldsNews CategoriesQueriesUser GroupsJavascriptsUsersResourcesEmail ListsForum BoardsForum Swear WordsForum Blocked UsersForum MessagesMediaShop CategoriesReportsWebsitesEventsEvent CategoriesJob CategoriesJobsDocument TypesGroup Privileges
Parent:	Root  General Public    Users      Members        Staff      Administrators        Content Editors        Global Editors        Global Administrators        Web designers

The available resources for each group dictate which resources the group can access. In the example above, the group is allowed to view 'News Items' and 'News Categories' but nothing else.
The Parent selection determines where the group resides on the group tree. The group in the example above belongs to the 'Users' group, so will also inherit the ability to view any resources that are available to the Users group.

Group Privileges

Displayed below are the privileges for certain resources as they apply to groups.

Page 1/1  <<>> 5 records  Show  records per page Search:
	GroupRoot  General Public    Users      Members        Students        Graduates        International Board Member        Staff      Administrators        College IT Administrators        College Administrators        Global Editors        Global Administrators        Web designers        IO Administrator	ResourcePagesFormsSnippetsStylesheetsTemplatesNews ItemsEmail SubscriptionsEmailsEmail TemplatesFieldsNews CategoriesQueriesUser GroupsJavascriptsUsersResourcesEmail ListsForum BoardsForum Swear WordsForum Blocked UsersForum MessagesMediaShop CategoriesReportsCollege SectionsEventsEvent CategoriesJob CategoriesJobsUnited World MagazineShort CoursesDocument TypesGroup Privileges	Manage	Emails	Create	Edit	Delete	Publish	Copy	Import	Export	DateUpdated
	Global Editors	Pages										11:50 AM 29 Jun 05
	Web designers	Media										1:30 AM 07 Jul 05
	Users	Media										11:04 PM 06 Jul 05
	User Managers	Users										10:32 PM 06 Jul 05
	Web designers	Snippets										11:27 PM 06 Jul 05

  ->  

There are different attributes such as Manage, Emails, Create, Edit etc.

Manage - if ticked, the user can access (view) all items for that resource. Otherwise the user will be restricted to those items that they have ownership of (ie. created themselves).

Emails - if the resource uses email, users belonging to a group that receives emails for that resource will receive emails from that resource. examples of resources that use email are pages (which send an email to the publisher of the page to validate) and users, which sends an email to the user when a different user has just registered.

In the list above, Global editors can publish pages, but not edit their contents.

Users can only create, edit and delete their own media. The Users group would need to enable 'Manage' to see the Media resources available to all users.

Because global editors can manage pages, they can view all pages, including those created by other people.

Database calls: 58 | Cached database calls: 0 | Script time: 0.45904207229614 | | 1.92