Access and workflow are important administrative tools when using the OU Campus™ content management system (CMS). When wielded properly, they can be powerful and effective methods of administrating the system and can create a friendly experience for end users. Access settings can be utilized to provide or restrict access to various areas of the site. They can also be assigned to content, such as templates, and other content-related features. Workflow is used to control what users can publish. Along with access, it helps control where people can edit, who can publish, and who needs to review content before it is published.
When implementing a new site or several new sites, it is advisable to plan out the expected functionality in terms of workflow within the system prior to creating groups and assigning permissions. The reports available in Custom Reports can help identify the groups that are needed to make the site function as desired. Even after planning and execution of the plan, the CMS enables user settings and group membership to be easily changed, and for assigned groups to be removed or changed. The basic steps include:
- Define the workflow architecture.
- Set approvers for users who need them.
- Add users to groups to control access.
- Set site, publish targets, folder, page, asset, and user access settings. Groups can be assigned to settings at multiple levels and enforced according to precedence. This can include:
- Creating a publishers group for those who can bypass approval and publish directly
- Determine an approver for pages or top-level directories
- Define the groups that have access to these regions
The system allows for as much or as little flexibility as desired. In some cases, it may be desired to force users to always use the DirectEdit™ link to access the pages to be edited. The alternative is to assign permissions at various levels of granularity ranging from the site level to the directories housing the pages to the editable regions. Enforcing access through a DirectEdit link limits the number of groups that may need to be created, but it also limits the users’ abilities to navigate through the folder structure to get to pages to edit.
There several things to keep in mind when playing the role of an approver. Once a page is sent to an approver it is automatically checked out to that user. Other users in workflow might be completely dependent upon the approver to review and publish the page. To this end, the approver has the standard reviewing tools available such as compare, backup, and review, as well as the standard functionality found for publishing, unless another layer of review has been put into place.
As an approver, it is prudent to review a page and approve it or decline it in a timely fashion, as there may be a delay in the review cycle or with the publication of pertinent information if the page is left sitting in workflow. Also, there are two options that are only available when playing the approver role: Decline and Keep and Decline and Revert.
Flexibility is introduced into workflow with the ability to enforce an approver or not. This simple concept supports a situation where a page must be sent for approval, but the content does not have to be sent to the default approver. This may also be used when a peer-to-peer review is desired before the page goes to the final approver for review and publication. The user can choose to which individual the page should be sent if the Enforce Approver option is not selected. Then the person to whom the page is sent for review can publish it, rights permitting, or send it back to the original user or the designated approver.
As previously mentioned, there can be multiple levels of review. This situation allows for additional flexibility within the system and is defined by an approver having his/her own approver. This can allow for a workflow process whereby more than one user can review a page.
Most access settings within OU Campus are configured with the use of groups. The assigning of an approver, while it can be accomplished at several levels within the system, only assigns a singular user (as compared with assigned rights with a group setting).
Trumping the Approver
In addition to choosing not to enforce an approver, there are two types of overrides that can circumvent the approval process. One is at the administrator level, as an administrator has the capability to reassign a page that has been sent for approval. The second override is the use of the publishers group setting. A group can be assigned to the publishers setting and members of that group have the ability to publish without respecting the restrictions of any assigned approvers.
How Precedence Works in this Regard
Precedence takes place by giving settings closer to the content higher importance. For example, when a user has an approver assigned to the user settings, and the user is working on a page with a different approver assigned, the approver for the page takes precedence. This provides a solid workflow structure, while at the same time allowing for a flexible alternative that can be set up and used quickly and easily as a publishers group can be assigned at various levels in the system; for example, to a page or directory.
Two important concepts to keep in mind during the creation of workflows in OU Campus are the ideas of inheritance and precedence. Inheritance explains how the system functions in terms of access settings inheriting from the settings above it. Precedence explains that the settings closer to the content override any settings that may have been set above it.
Last but not least, Level 0
Any level user in the system can be assigned as an approver and a frequently used scenario is to create Level 0 for the role of approver. The Level 0 is unique among user levels as it includes very few permissions other than publishing. This level is also known as the reviewer or executive level as the user can review, and choose to decline or publish, but cannot perform any of actual editing work. If changes need to take place, the Level 0 user needs to send the page back to the original user to have the edits completed.
Settings for items created new, by default, inherit the default settings of their parent. When access settings are configured for a directory, the pages created within it inherit those settings. When setting up the access and other permissions, it is generally best to start at the top and work down as it is common for the permissions to become more restrictive and less generalized as the settings get closer to the content.
When assigning permissions, if the content has already been migrated into the system or configured, the recursive option within the site and directory settings may be useful. This option changes all of the directories and pages below the location of the setting. When first assigning permissions, using the recursive setting is relatively safe, but as the permissions are changed throughout the site, the use of the recursive option should be used sparingly. Remember, the changes made recursively cascade down through the entire site and through all of its directories and pages.
To set the recursive option, which can be done at the site settings and within the directory settings:
- Click the radio button next to “This folder and all existing items within.”
- For each access setting, select the checkbox and choose the desired settings.
3. Click Save.
Any pages and directories created under the site or directory defined above will inherit the settings defined. However, they can be changed on a case-by-case basis as needed. The recursive option sets up the settings for directories and pages created going forward, and it changes any current settings.
In conjunction with inheritance, precedence defines the order in which settings will be used. The closer a setting is to the content will take precedence. This is especially important to understand with regard to user settings.
Users are considered to have the least amount of precedence as they are furthest from the content. Therefore, if it is important to have settings based on the user, be sure that the setting is not different anywhere else within the site.
The order of precedence is as follows (in order of lowest to highest):
- Editable Regions
Additionally, access settings can be assigned to the servers, assets, templates, blogs, and other social media.
If a toolbar is defined at the user level and a different toolbar is assigned at the page level, all users will see the toolbar assigned at the page level, regardless of their user settings. The settings available for each area may differ. For instance, user settings do not include settings for publishers or RSS Feed, among others, and the settings for editable regions will not include settings for approver or publishers, in addition to others. Some settings, such as Template Groups, will only appear at the site and directory levels.
Keep in mind that adding an approver at the user level revokes the user’s publishing rights, even if an approver is not assigned elsewhere. The user can be granted publishing rights by being included in a publishers group.
The use of reporting can also be helpful when setting up workflow. Custom reports can be used prior to setting up the access settings in order to identify the directories and pages within the site. They can also be used after configuration of the access settings is complete to verify that everything is configured as expected.
Prior to Settings Assignment
It can be helpful to run two reports prior to setting up the groups and assigning access: Directories and Pages. These reports can then be exported, and imported into one file (e.g., Excel). Additional information can be added, such as that for access settings, an Approver, and a Publishers group. If other information is desired, that can be added too, but this section will focus on determining the appropriate groups needed for proper navigation.
The data can be populated once the file is configured to include the columns needed to create the access and other settings. It is helpful to add user names alphabetically under each. This allows for easier sorting so that the groups needed can be identified and created in OU Campus.
After defining which users should have access to the pages and directories, sort by the Access column in order to see how many like groupings of users there are. This helps determine how many groups are needed and which users need to be in those groups. Following the same steps for Publishers helps identify any additional groups that may be needed.
Keep in mind that the purpose of this is to create a site structure that allows users to navigate from the top of the site to the destination folder, but as discussed earlier, it is also possible to create fewer groups and force users through DirectEdit.
When users are assigned to a directory, they have the ability to create new pages and upload files to that directory, user level permitting. So forcing users through the DirectEdit link may be desired in order to prevent undesired pages from being created or files from being uploaded.
Example Access Settings Report
After Setting Access
Run the reports again after the groups needed have been created and assigned. Be sure to select the checkboxes for Access, Publishers, and Approvers to make certain the output includes the appropriate data. This allows comparison and confirmation of proper group and individual assignment to the directories and pages so that the appropriate users can navigate to the pages they need to access and edit. This is also helpful in identifying areas to which users should not be allowed access.
Example Directories Report
In addition, either a Groups report or a Users report can be run in order to ensure that users are assigned to the proper groups, after confirming that directory and page assignment is as desired.
Some functionality can be shared between sites within one account, between accounts within one skin and across skins. That is, many settings can be configured at the account level, and overridden at the site level. Some functionality can further be overridden at the user or the page level.
The following table indicates which elements are shared and how they are shared.
|New Page Templates||X||X||X|