Roles and access in the WCMS

On this page:


Overview

The Web Content Management System (WCMS), also known as Cascade CMS, provides the ability to implement complex permissions and access to assets. The following guide explains how basic site roles are configured and gives suggestions for setting up more complex permissions.

User

A user is an individual who uses the WCMS. They access the WCMS over the IU VPN or through the campus network. They authenticate through IU Login using their personal credentials when accessing the WCMS. A user leaves an audit trail in the WCMS.

Site Managers can add users to the WCMS by using the WCMS Manager Tools. Group accounts are not valid usernames.

Group

A group consists of one or more users with common permissions. Permissions are roles and access rights.

Site Managers can add and remove users from groups by using the WCMS Manager Tools. Managers may not remove themselves from the manager group.

Role

A role defines the ability for a user or group to perform actions or functions in the WCMS. For instance, a Site Manager role gives you the ability to edit access to assets like pages. A Site Contributor role gives you the ability to move and rename assets.

There are two types of roles: system roles and site roles. A system role defines functions at a system-wide level, beyond your single site. A site role defines functions within a specific site. For instance, the WCMS Administrators are the only users with the system role of Administrator.

Access rights (ACLs)

Access rights, or ACLs, control what assets are visible to a user or group. You can edit the access for a single asset, or you can edit the access for the contents of one or more directories.

Site roles

There are four site roles: Manager, Publisher, Approver, and Contributor. You can assign a group to a site sole by using the WCMS Manager Tools.

A Site Manager is the only one that can access the manage site area and access the WCMS Manager Tools. Site Managers are the only role that can change access to an asset. Site Publishers can publish assets. Site Approvers can approve and assign workflows. Site Contributors can create, edit, move, and rename assets.

Permissions for site roles are cascading. This means a user in a group with the Site Manager role does not have to add themselves to a group with the Site Contributor role, because a Site Manager can do everything a Site Contributor can do.

Action Site Manager Site Publisher Site Approver Site Contributor
Access Manage Site area X
Access Manager Tools X
Change ACL X
Publish assets X X
Assign and approve workflows X X X
Create and edit assets X X X X
Move and rename assets X X X X

Default site roles

Every new site in the WCMS is set up with default groups and permissions. Each group is given a site role. The <Site Name>_manager group is given the Site Manager role and has write access to all assets. The <Site Name>_publisher group is given the Site Publisher role and has write access to publishable assets and folders. The <Site Name>_approver group is given the Site Approver role and has read access to all assets. The <Site Name>_contributor group is given the Site Contributor role and has read access to all assets. Groups with the Site Approver and Site Contributor roles must be given write access to assets before the groups can edit these assets.

Role Group name Access rights
Site Manager <Site Name>_manager
Read - All Assets
Write - All Assets
Site Publisher <Site Name>_publisher
Read - All Assets*
Write - All Assets*
Site Approver <Site Name>_approver
Read - All Assets*
Write - All Assets*
Site Contributor <Site Name>_contributor
Read - All Assets*
Write - All Assets*

*Access rights exception: IU Web Framework sites contain assets that are intended for Site Managers only. These assets are not accessible by any other roles including Site Publisher, Site Approver, and Site Contributor. Only Site Managers can grant read or write access rights for these assets.

Add and remove groups from site roles

Site Managers can add and remove groups from site roles by using the WCMS Manager Tools.

Grant access to specific assets

Site Managers may want to grant access to specific assets while hiding all other assets. This is done by granting groups access to both site content and a site role. A user will not be able to access a site unless they are in a group that is assigned to the root folder and to a site role. There are two options to choose from depending on your site's needs:

This is document bhjd in the Knowledge Base.
Last modified on 2023-09-11 15:30:13.