Planning Access to Sites and Content Areas
Pre-planning access to sites, directories, pages, and specific editing regions on pages is very important for management over the long-haul.
When managing access, you should consider what content you want groups of users to be able to edit. First create groups of users, then build access (or editing rights) around these groups. Doing so, will make it easier to manage access to sites, directories, files and sections of files by simply adding and deleting users to those groups.
Remember only Level 10 administrators can create users and groups. And, keep in mind that all Level 9 and Level 10 users ignore groups and access effectively giving these users access to everything on the site.
By default, all files and directory access is set to Access: NONE Use this to your advantage and assign access from the top down. Find a directory tree structure and assign it the broadest possible access in a recursive manner using the checkbox that assigns permission to "This folder and all existing items within". Continue moving deeper through the directory tree modifying access to narrow and refine access using this same manner. Note that you can modify several access values simultaneously (while leaving some values untouched) by using the checkboxes next to each property.
As needed, override access at the file level to ensure that only the smallest possible group has access to that file.
Finally, editable regions of a page should tagged with the appropriate group name. There are two best practice strategies to keep in mind at this level of access.
Regions of a page that should be editable by everyone who has access to the file should be assigned to the special group "everyone". Since only those who have access to the file can get "in the door" so-to-speak, not just anyone will be able to edit these regions. So, the main body of the page, and other generally editable regions should be set to the "everyone" group.
Regions of a page that you'd like restricted to specific users should be set to specific functional groups such as "header", "footer", "left_navigation", etc. This will give you the most flexibility over time, and give your users the correct access to the correct pages.
Let's assume the following path to a page: /admissions/2009/fall/index.html And let's assume you have the following groups with the following users:
- admissions (Tom, Bill, Mary)
- header (Jim, Pam)
- footer (Jim, Pam)
- left_navigation (Tom, Mary, Jim, Pam)
- news (Ryan, Tom, Kevin)
Let's also assume that the file index.html has four tagged editable regions: "header", "footer", "left_navigation", and "main body". Each of these regions is tagged with the group by the same name, with the exception of the "main body" regions that is tagged with the group "everyone".
Following our best practices guidelines, we would set the /admissions/ directory to the group "admissions" and check the option for "This folder and all existing items within". That will assign all files and folders to the "admissions" group, including the index.html file. With that, and the page tagging as described above we will see the following results of our efforts:
The main body of the page will be editable by Tom, Bill, and Mary (but no one else).
The header will be editable by Jim and Pam (but no one else), the footer will be editable
by Jim and Pam (but no one else), and the left_navigation area of the page will be
editable by Tom, Mary, Jim and Pam (but no one else).