Roles and access in the WCMS
On this page:
Overview
The Web Content Management System (WCMS), also known as Cascade CMS, provides the ability to implement complex permissions and access to assets. The following guide explains how basic site roles are configured and gives suggestions for setting up more complex permissions.
User
A user is an individual who uses the WCMS. They access the WCMS over the IU VPN or through the campus network. They authenticate through IU Login using their personal credentials when accessing the WCMS. A user leaves an audit trail in the WCMS.
Site Managers can add users to the WCMS by using the WCMS Manager Tools. Group accounts are not valid usernames.
Group
A group consists of one or more users with common permissions. Permissions are roles and access rights.
Site Managers can add and remove users from groups by using the WCMS Manager Tools. Managers may not remove themselves from the manager group.
Role
A role defines the ability for a user or group to perform actions or functions in the WCMS. For instance, a Site Manager role gives you the ability to edit access to assets like pages. A Site Contributor role gives you the ability to move and rename assets.
There are two types of roles: system roles and site roles. A system role defines functions at a system-wide level, beyond your single site. A site role defines functions within a specific site. For instance, the WCMS Administrators are the only users with the system role of Administrator.
Access rights (ACLs)
Access rights, or ACLs, control what assets are visible to a user or group. You can edit the access for a single asset, or you can edit the access for the contents of one or more directories.
Site roles
There are four site roles: Manager, Publisher, Approver, and Contributor. You can assign a group to a site sole by using the WCMS Manager Tools.
A Site Manager is the only one that can access the manage site area and access the WCMS Manager Tools. Site Managers are the only role that can change access to an asset. Site Publishers can publish assets. Site Approvers can approve and assign workflows. Site Contributors can create, edit, move, and rename assets.
Permissions for site roles are cascading. This means a user in a group with the Site Manager role does not have to add themselves to a group with the Site Contributor role, because a Site Manager can do everything a Site Contributor can do.
Action | Site Manager | Site Publisher | Site Approver | Site Contributor |
---|---|---|---|---|
Access Manage Site area | X | |||
Access Manager Tools | X | |||
Change ACL | X | |||
Publish assets | X | X | ||
Assign and approve workflows | X | X | X | |
Create and edit assets | X | X | X | X |
Move and rename assets | X | X | X | X |
Default site roles
Every new site in the WCMS is set up with default groups and permissions. Each group is given a site role. The <Site Name>_manager
group is given the Site Manager role and has write access to all assets. The <Site Name>_publisher
group is given the Site Publisher role and has write access to publishable assets and folders. The <Site Name>_approver
group is given the Site Approver role and has read access to all assets. The <Site Name>_contributor
group is given the Site Contributor role and has read access to all assets. Groups with the Site Approver and Site Contributor roles must be given write access to assets before the groups can edit these assets.
Role | Group name | Access rights |
---|---|---|
Site Manager | <Site Name>_manager |
Read - All Assets Write - All Assets |
Site Publisher | <Site Name>_publisher |
Read - All Assets* Write - All Assets* |
Site Approver | <Site Name>_approver |
Read - All Assets* Write - All Assets* |
Site Contributor | <Site Name>_contributor |
Read - All Assets* Write - All Assets* |
*Access rights exception: IU Web Framework sites contain assets that are intended for Site Managers only. These assets are not accessible by any other roles including Site Publisher, Site Approver, and Site Contributor. Only Site Managers can grant read or write access rights for these assets.
Add and remove groups from site roles
Site Managers can add and remove groups from site roles by using the WCMS Manager Tools.
Grant access to specific assets
Site Managers may want to grant access to specific assets while hiding all other assets. This is done by granting groups access to both site content and a site role. A user will not be able to access a site unless they are in a group that is assigned to the root folder and to a site role. There are two options to choose from depending on your site's needs:
This is document bhjd in the Knowledge Base.
Last modified on 2023-09-11 15:30:13.