In this article, you will learn more about the different permission levels and their abilities and functions.
Permissions
There are several permission levels for users. Each permission level adds additional actions that can be performed on associated content. The following list provides a general list of actions available per permission level, but actual options are dependent on the content or module.
The process for assigning permissions may be found in our User Permissions Guide article.
Important Note:
Permissions for the Agenda Center and the Request Tracker modules work differently than other modules.
Permission Levels
View
View permissions are only available for assignment to front-end groups
The Guest Group is assigned View permission to all Categories by default. This is regardless of whether the Guest group is checked at the module level or not
Disabling a Group's View permissions for a Page or Category means that users in that Group will not be able to see or access content from that Page or Category
Read Only (Request Tracker Only)
Can view requests in assigned categories, but cannot edit
Author
Can create or edit unpublished content within assigned pages or categories
Can create but not publish a page
Must submit all work for approval
Cannot publish, unpublish, or delete content items, pages, or categories
Publisher
Can create, edit, publish, unpublish, or delete content within assigned pages or categories
Can create and publish a page
Can approve an Author’s work
Cannot delete pages or categories
Owner
Can create, edit, publish, unpublish, or delete content within assigned pages or categories
Can approve an Author’s work
Can add, publish, unpublish, or delete pages or categories within assigned sections or modules
Serves as a kind of mini-system administrator for a specific area of the website
Can assign permissions to Users, Groups, Pages, Modules, or categories within assigned pages or modules
System Administrator
Can approve an Author's work
Can perform all available actions; some actions are available only to System Admin
Not limited to assigned sections or modules
Can add and remove users and assign permissions to Users, Groups, Pages, Modules, or Categories
Note:
Only users that should have access to the entire site should be assigned as System Admins. However, sites should have more than one System Admin in case of emergencies.
Module Permissions
Note:
Only Owners can edit the Staff Directory feature. System Administrators can be notified by email when a category or page has been submitted. Emails are sent to all System Administrators and cannot be changed. By default, this feature is turned off. If you wish to have it turned on please let your trainer know.
Module Category Permissions
Permission Level | Permission Access |
|---|---|
Author | Requires approval |
Publisher | Requires approval |
Owner | Does not require approval |
Module Item Permissions
Permission Level | Permission Access |
|---|---|
Author | Requires approval |
Publisher | Does not require approval |
Owner | Does not require approval |
Page Permissions
Permission Level | Permission Access |
|---|---|
Author | Requires approval |
Publisher | Does not require approval |
Owner |
|
Levels of Permission
Permissions are assigned to Groups at either the module or category (section) level. For actions that include multiple modules, users will need to belong to Groups with permissions to all modules necessary to complete the action.
Example: To add a Calendar reservation to a Facility, the user will need permission to access categories in both the Calendar and Facilities modules.
Module-Level Permissions
Module-level permissions are set through the Group Administration module or by selecting the Permissions tab within a module.
Permissions set at the module level are applied to all Categories within that Module.
For modules with only one level of categories, new categories inherit permissions from the Module level.
For modules with multiple levels of categories, new parent categories will inherit their permissions from the Module level. New subcategories inherit permissions from their parent category.
Module-level permissions can be updated without overriding Category-level permissions. After Module-level permissions are updated, the user will have the option to Save or Save and Push Down.
If the user chooses Save and Push Down, the permissions of all sub-pages or categories will be overridden. This cannot be reversed automatically.
If the User chooses Save, category-level permissions are retained when module-level permissions are updated.
It is important to note that Module-level permissions override Category-level permissions but do not overwrite them permanently.
For example, if a Category is set up with Guest View permissions turned off and then Guest View permissions are added at the Module level, those permissions would now be added to that Category. However, if Guest View permissions are ever removed at the Module level, the Guest View permissions would again be removed from that Category since that is how it was originally set up.
A User belonging to Groups with differing permission levels will have the highest assigned permission level for the Groups to which they are assigned.
For example, a user who belongs to Groups with Author and Publisher level permissions for the same item will be treated as a Publisher.
If a Group has permissions set at both the Module and Category levels, they will be treated with whichever set of permissions is greater.
Most Groups do not need permission to full modules. Permissions should be assigned at the Category level unless necessary.
Category-Level Permissions
Category-level permissions allow users to view or edit content in assigned categories, but not categories to which they are not assigned.
Most modules will not display content or categories to Groups that do not have permission to those items. Exceptions to this are Pages, Staff Directory, and Document Center.
If category-level permissions are not available for assignment (because they are grayed out), this means the Group has been assigned permissions at the Module level.
Disabling the Group Permissions at the Module level will allow the assignment of permissions at the Category level.