Set permissions to control who can see what content, and who has authority to make changes.

There are three types of permission:

  1. View: allows the user to see content.
  2. Edit: allows the user to create and work on draft content. Edit permission does not include permission to approve.
  3. Approve: allows the user to issue new content for use.

You can set permissions for:

  • The system as a whole: these are the default permissions, used when no other permissions have been set.
  • Page types: you can set permissions for each page type, used by default for each page of that type.
  • Pages: you can set permissions for individual pages.
  • Users: you can set permissions to control who can look at the user list and who can add and remove users.

A user’s permission for an action is determined by their authority level and, for users with normal user authority, the user group with permission for the action.

Authority levels

User authority level field: under Control in the user s profile.


Every user has an authority level set in their profile.

System Manager

System Managers have permission for all actions: they can view, create, edit, and approve content, and they can add and remove users.

Auditor

Auditors have permission to view all approved content. They have no other permissions.

Normal User

Normal users have permission for an action if they are a member of the user group with permission for that action.

User groups

A user group is a selection of users. You can select users by name, or by rule such as ‘Senior Managers’, ‘HR Department’, or ‘Contractors’. Rule-based user groups are updated automatically when users are added, deleted, or updated. See User groups for guidance on setting up user groups.

There are three built-in user groups:

  • System Managers: the system owner and all users with System Manager authority.
  • Active users: all enabled users (ie, all users who can log in to your system).
  • General public: all site visitors. This permission can be used only if public access is enabled for your system.

Permissions management

Managing the permissions for your system may include any or all of these steps, depending on the nature and complexity of your organization.

Action

Notes

Create page types

If you want to set different permissions for different areas of content, you might find it helpful to set up separate page types for each area.

For example, you might have procedures that are private to your HR department. Create an HR Procedures page type. Any permissions that you set for that page type will apply to all pages of that type.

See Page types

Create user classifications

If you want to set different permissions for different groups of users, set up the classification scheme(s) you will use to create those groups.

For example, you might have content that is specific to the jurisdiction in which the user is employed. Create a Jurisdictions classification and assign each user accordingly.

See User classifications.

Create user groups

Create a user group for each set of users to which you want to assign permission. You can create user groups by selecting individual users or by setting one or more selection rules based on your user classifications.

As well as creating user groups to control access to content, you might find it helpful to create a Content Managers group whose members will have permission to create and approve content; or a User Managers group whose members have authority to administer user records.

See User groups.

Set the system default permissions

Select Settings from the System drop-down. Select the user groups with default permission to view, edit, and approve content.


Screenshot showing permission fields on the system settings page





Set page type permissions

If you need permissions for a page type that are different to the system default permissions —

  1. Select Page types from the System drop-down, to display the list of page types.
  2. Select the page type.
  3. Select Properties from the Content drop-down.
  4. Select the user groups with permission to view, edit, and approve pages of this type.

Set page permissions

If you need permissions for a page that are different to the permissions for the page type—

  1. Display the page.
  2. Select Properties from the Content drop-down.
  3. Select the user groups with permission to view, edit, and approve the page.

Set user profiles permissions

If you need permissions for viewing and updating user profiles that are different to the system default permissions —

  1. Select Users from the System drop-down, to display the list of users.
  2. Select Properties from the Content drop-down.
  3. Select the user groups with permission to view and approve user records. (There is no edit permission for user records.)

Note that there are some additional considerations affecting permissions to update user profiles:

  • Users can update some details (such as name, email, and password) on their own profile, even if they are not included in the user group with approve permission. However they cannot update their authority level or classification values.
  • Users, other than system managers, cannot update passwords if the system is set to use strict single sign-on.
  • The system owner profile cannot be updated by anyone other than the system owner.

See Users.

For complex rule-sets, consider Auditing system permissions