Permissions

Permissions video

This video will bring you through some of the basic concepts.  5:02 minutes.

Permissions

The permission system co-ordinates who has access and control, a so-called Access Control List (ACL) for each piece of content stored on Core dna. 

Accessing the permissions system

There are a number of ways that you can access the controls, these operate up to three different levels 

1. Module Level

2. Module Section Level (for some modules) 

3. Individual Content Level

The lower levels can overwrite the level of access set above it. Access and controls is generally set by site administrators, but it is possible to grant user groups access to control this feature. 

Best practice is to set permissions at the highest level first, and then on the lower levels, this helps to avoid confusion. For example, should someone only need to edit content under a certain node of your tree, you could add them (or a user group) to this particular node for editing. They should have, by default, access to read the content, but not to edit. On the content node you want to grant them access, you should then enable them to edit from this level.

1) Module Level

This is found under Connections » Users » Permissions

Overall permissions, on the highest level can be set here:

A permission settings page for each module can be accessed by clicking on the “edit permissions key” action positioned at the last column within the table view:

2) Module section level 

For certain modules you may be able to have permissions on the module section, where are is an additional hierarchy level to set permissions. e.g. Blogs. This permission control is found under Content » <MODULE_NAME> » List » ⋮ »  Permissions, e.g. Content » Blogs » List » ⋮ » Permissions

3) Individual content level

This is found under Content » <MODULE_NAME > » List  » ⋮ »  Permissions e.g. Content » Pages » List » ⋮ » Permissions

Permissions Settings / default settings

You may see that the record's permissions can inherit from their parent. In the case that this is set, the content will inherit from its parent. To override this, and to set access for the individual piece of content you can set this to false. 

Once set to falls permission settings for the record will show:

Permissions Setting page is divided into these main configuration sections:

• Default Permissions

  • Used to configure default permissions for all Users & Groups

• User Permissions

  • Used to configure permissions for specific users only

• Group Permissions

  • Used to configure permissions for specific groups

  • 
    

Permissions Settings / types of access

There are a number of permissions that can be set, here is an overview of what they can do 

• READ - can view this content 

• CREATE - can create sub-content under this content node

• EDIT - can amend the content 

• DELETE - can delete the content 

• PUBLISH - can publish (make viewable to the world) the content

• ADMIN - can manage and set permissions for this content piece and sub-content pieces

Additionally, there are two different types of permissions

• OWNER PERMISSIONS - each piece of content can have an owner, this owner can have additional permissions, these permissions can be outside of what they normally can do. For example, you may allow an owner of the content to 'Publish' changes, but your regular user can only 'Edit' the content. 

• ALL USERS PERMISSIONS - the default user on the system, what they have access to. 

Other's permissions

It is possible to give users or user groups the ability to manage the permissions of a module/content piece. Here they can set the permissions for items below this level of permission. 

Under User permissions, you can set the permissions per individual user. This is outside whether they are the owner of the piece of content.

Under Group permissions you can set the permissions per user group. Groups can be an easier way to manage permissions. You can manage groups under Users » Connections » Groups.

Permission Checker

Use the permission checker to check which permissions have been applied to a specific user. 

It is possible to search and filter users by Module > Entity > Record > Permission > User:

Example Granted:

Example Denied: