In CMS all access is authenticated and mapped to a user role. There are eight user roles in CMS 2002: administrator, channel manager, template designer, resource manager, moderator, editor, author, and subscriber. Each CMS user role has precoded permissions that cannot be changed. It is not possible to create additional user roles. Figure 17-1 shows the eight CMS user roles displayed in the Site Manager.
Figure 17-1. User roles and Administrator rights group
We have come across the different CMS user roles in previous chapters of the book. For example, when we discussed the publishing workflow in Chapter 6, we looked into three publishing roles: author, editor, and moderator. Now we are going to take a detailed look into all the CMS user roles.
Every CMS user is assigned at least one role. When users browse the site, even anonymous access is enabled via a guest account that has to be mapped to a subscriber role. All CMS content resides in containers: pages in channels, resources in the resource galleries. Depending on the role, or combination of roles, that a user account is mapped to on a container, the user has different rights on this container.
The administrator role is the role of a CMS administrator. Administrators have full administrative and publishing rights to the entire site and can perform any task that any other role can that is, act as an author, editor, moderator, template designer, resource manager, or channel manager in all channels and galleries.
Administrators can create all containers: channels, template galleries, and resource galleries. Administrators are solely responsible for setting up rights groups for all user roles and assigning members to these groups. Administrators can assign rights groups to all containers, and have subscriber rights to all channels.
Channel Manager Role
The channel manager role allows CMS administrators to delegate administrative tasks on the parts of the site structure. Channel managers are in effect mini-administrators. They have full administrative and publishing rights to the subset of the site containers they've been assigned rights to: channels, template galleries, and resource galleries. Within the containers that channel managers have rights to, they can:
Channel managers have subscriber rights to all channels they are managing.
Template Designer Role
Template designers are developers who create templates and template files in VS.NET. If they have rights on a container, within this container they can:
Within the template galleries that they have rights to, they can create, edit, and check in templates. They can also edit, check in, debug, and delete templates that they own.
Template designers cannot perform certain tasks on the templates in the template galleries where they have rights; these tasks can only be performed by administrators and channel managers. The tasks are as follows:
Template designer rights on a channel include subscriber rights to this channel.
Resource Manager Role
Resource managers are responsible for managing resources in the resource galleries. Resources can be added to a page from a local source; however, resource galleries provide a simple way to make common resources available across the site. If resource managers are given rights on a resource gallery, inside this gallery they can view, add, move, replace, and delete resources. Resource managers cannot create any containers, including resource galleries; this is the responsibility of the administrator or the channel manager.
Authors create pages and submit them for approval by editors. They use the Web Author console or Word with the Authoring Connector to author pages. Although they can set the page properties themselves, they are really just suggesting the settings, since editors and moderators can both override these settings.
Authors require access to the following containers:
Author rights on a channel include subscriber rights to this channel.
Editors can do everything that authors can, as well as approve page content for publication. Editors can approve or decline pages. They can ask the author to revise the page, or they can do it themselves.
Editors require access to the following containers:
Editor rights on a channel include subscriber and author rights to this channel.
Moderators ensure that page content and page publishing properties are relevant and appropriate for all channels to which they are assigned rights. Page content is approved by the editor; publishing properties, such as the publishing schedule, are approved by a moderator. Moderators can ask for the page publishing schedule to be revised, or can revise it themselves.
Moderators require access to the following containers:
Moderators have subscriber and author rights on the channel to which they are assigned rights.
Subscribers are those users who just browse the site. They have read-only access to pages published on the site; they do not participate in the publishing process.
In order to be able to view a page, they need to have read access to the channel where the page is located, the template gallery where the template for the page is stored, and the resource gallery where the resources used on the page can be found.
CMS does not provide default anonymous access; in order to view pages published on the site, all users browsing the site must be given subscriber access to the appropriate channels. Even if we allow guest access to the site, we still need to assign a subscriber role to the guest account and give it permissions for the appropriate containers so that users can view the content on our site.
NOTE: If a user has any rights to a container, they also have subscriber rights on the container, which means they can view items in this container.
A user can belong to one or more subscriber groups. On an internal site, for example, the human resources department could only allow a specific group of users to view the company's private content in a secured channel. At the same time, the members of this group have subscriber rights to other parts of the site that are available to all employees. On an external site, all users have subscriber rights to the public parts of your site, while some users can also have subscriber rights to the premier content on the site.