The access settings in OU Campus provide control for functionality found throughout the system. Examples of access settings include defining which users can edit a specific page, binary file, directory, or asset. Access settings can also be assigned to users; for example, a toolbar or an approver can be assigned to a user. When access settings overlap, the order of precedence determines the access setting that is used; a setting that is closer to the content overrides others. Understanding the access settings and how settings closer to the content take precedence can be very helpful in configuring a site in order to provide the appropriate access to content for specific groups of users.
Access settings can be assigned to:
- Editable regions
- Binary files
- Publish targets
- RSS feeds
- Facebook Pages (as used within OU Campus)
- Twitter Accounts (as used within OU Campus)
Generally, access settings that can be modified include:
- Access Group
- Enforce Approver
- Bypass Approval
- Template Group
- RSS Feed
- URL Type
- Exclude from Search
- Exclude from Sitemap
- Directory Variables
Additional settings that involve access to content are:
- Available To (available in various locations, including the production server for a site, Facebook page, Twitter account, etc.)
- Local Assets Group (Specifies a group that can access assets only on the site on which the setting is configured)
- Lock to Site (available for assets)
- Admin Access Only (Add-Ons)
Access Settings and Workflow
Access settings can be configured to determine and implement an approval workflow. Users may have approvers set to them, which will revoke their right to publish and require them to submit pages to another user for approval instead. This applies even to user levels who would normally be able to publish on their own, the only exception being Level 10 Administrators. Approvers may be enforced, which means that the user can no longer choose to whom to send the content for approval, but are instead required to send it to enforced approver only. On the other hand, a Bypass Approval group may be set, allowing members of the group to override the approval process.
In the example above, Anna is a user editing content. Normally, her enforced approver is Bob, meaning any changes she makes need to be approved by him. However, the approver for the alumni directory is Christine, so if Anna makes changes within that directory Christine must approve them, not Bob. On the other hand, Anna is in the Bypass Approval group for the Faculty Page, so she may publish directly any changes she makes to that page.
Inheritance and Precedence
Two important concepts to keep in mind during the creation of workflows in OU Campus are the ideas of inheritance and precedence.
Inheritance explains how the system functions in terms of access settings being determined by the settings above them. Precedence explains that the settings closer to the content override any settings that may have been set above it.
Access settings are inherited by default from the parent. For example, if a site has a specific access setting, any directories created within the site will automatically have that same access setting as well unless specified otherwise. Likewise, pages and binary files inherit their parent directory setting unless otherwise restricted. New assets inherit access settings from the Site Asset Access settings. One exception to the rule of inheritance is for URL Type, as this takes the URL Type as specified with the site record if not specifically set.
One way to override inheritance is by assigning the access setting within a TCF. When a user creates new content with the template using that TCF, then the desired value for the access group can be assigned automatically. Likewise, the TCF can also be designed to allow a user to choose an access group at the time of new content creation.
When configuring the access settings and other permissions, it is generally best to start at the top and work down, as it is common for the permissions to become more restrictive and less generalized as the settings get closer to the content. For example, a site might allow access to twenty users, a directory within the site might allow access to ten, a page within the directory five, and so forth.
If the content has already been migrated into the system or configured, the recursive option within the site and directory settings may be useful. Using the Recursive Modification setting can selectively change access settings for the current item and all subordinate items, even if they have already been created; Non-Recursive Modification applies only to files created after the settings have been modified. When first assigning permissions, using the recursive setting is relatively safe, but as the permissions are changed throughout the site, the use of the recursive option should be used sparingly.
Precedence takes place by giving settings closer to the content higher importance. For example, when a user has an approver assigned to their user settings, and the user is working on a page with a different approver assigned, the approver for the page takes precedence. This provides a solid workflow structure, while at the same time allowing for a flexible alternative that can be set up and used quickly and easily as a group can be assigned at various levels in the system to circumvent the approvals process, for example, to a page or directory.
In conjunction with inheritance, precedence defines the order in which settings will be used. The closer a setting is to the content, the greater precedence it takes. This is especially important to understand with regard to user settings.
Users are considered to have the least amount of precedence as they are furthest from the content. Therefore, if it is important to have settings based on the user, be sure that the setting is not different anywhere else within the site.
The order of precedence is as follows (in order of lowest to highest):
Additionally, access settings can be assigned to the servers, assets, templates, blogs, and other social media.
Permissions for Access Settings
Level 8: Can change who has access to the directory, page, binary file, or asset to any group to which he or she belongs.
Level 9: Can change who can access the directory, page, binary file, or asset to any currently defined group.
Level 10: Can change who can access the directory, page, binary file, or asset, as well as modify the other site access settings and directory variables, including those belonging to the site.