Planning Access

Overview

Pre-planning access to sites, directories, pages, and specific editing regions on pages is very important for management over the long haul.

Planning Groups

When managing access, consider what content groups of users should be able to edit. First create groups of users, then build access (or editing rights) around these groups. Doing so will make it easier to manage access to sites, directories, files, and sections of files by adding and deleting users to those groups.

Remember that only Level 10 administrators can create users and groups, and that all Level 9 and Level 10 users ignore group access settings, giving these users access to everything on the site.

Planning Access to Directories and Files

Two important values for access settings are Everyone and (Administrators Only). The Everyone group is a system group that cannot be edited but includes everyone within the account. The (Administrators Only) group includes only only Level 9 and Level 10 administrators. There is also the (Inherit from Parent) group, which is the default for most of the settings if no other group has been selected.

This can be capitalized upon in an organizational sense by assigning access from the top down. Find a directory tree structure and assign it the broadest possible access in a recursive manner, using the checkbox that assigns permission to "This folder and all existing items within." Continue moving deeper through the directory tree, modifying access settings to narrow and refine access using this same manner. Note that several access values can be modified simultaneously (while leaving some values untouched) by using the checkboxes next to each property.

Reassigning Access at the File Level

As needed, override access at the file level to ensure that only the smallest possible group has access to that file.

Planning Editable Regions

Finally, editable regions of a page should tagged with the appropriate group name. There are two best practice strategies to keep in mind at this level of access.

  1. Regions of a page that should be editable by everyone who has access to the file should be assigned to the special group "Everyone." Since only those who have access to the file can access the page in the first place, it is redundant to restrict access for those specific regions to the same group.
  2. Regions of a page that need to be restricted to specific users should be set to specific functional groups such as "header," "footer," "left_navigation," etc., rather than the specific users themselves, and the appropriate users placed in each group. This provides the most flexibility over time, while at the same time giving users the correct access to the correct pages.

In order to tag editable regions and change their access settings, it is necessary to go into the source code of that page and change it from there. 

For more information, visit the Editable Regions page.

Example

Consider the following path to a page:

/admissions/2009/fall/index.html

Following our recommended settings, the /admissions/ directory would be set to the group "admissions," making sure that the change is applied recursively. That assigns all files and folders within the directory to the "admissions" group, including the index.html file. 

The page now allows access to the following users who comprise the "admissions" group: Anna, Bob, Christine, Diego, Erika, Fred, and Grace. The editable regions then allow access to specific user groups as follows: 

  • main body (Anna, Bob, Christine)
  • header (Diego, Erika)
  • footer (Diego, Erika)
  • left_navigation (Anna, Christine, Diego, Erika)
  • news (Anna, Fred, Grace)

In this example, the file index.html has five tagged editable regions: main body, header, footer, left_navigation, and news.  Each of these regions is tagged in the source code with the group by the same name, with the exception of the main body regions that are tagged with the group "Everyone." With that, and the page tagging as described above, the results are as follows:

  • The main body of the page will be editable by Anna, Bob, and Christine (but no one else).
  • The header will be editable by Diego and Erika (but no one else).
  • The footer will be editable by Diego and Erika (but no one else).
  • The left_navigation of the page will be editable by Anna, Christine, Diego, and Erika (but no one else).
  • The news will be editable by Anna, Fred, and Grace, but no one else. Furthermore, the only region of the page that Fred and Grace can edit is the news.

This way, if Bob someday leaves the main body group, and Henry takes his place, no changes will have to be made to the access settings themselves. All that will need to be changed is the members of the group, i.e. taking Bob out and putting Henry in.