Plone User Roles
Two general types of user roles exist in Plone: global and local. Just like it sounds, global roles are in effect for the entire Plone installation, whereas local roles are in effect on only a folder-by-folder basis. Every user has at least one role: the standard role of member. But users can also have more than one local role, and many do.
Next , we take a moment to delineate the basic roles of Plone users.
The Manager Role
The manager is the highest role that a user can achieve, and this is a global role. The manager has "god" privileges to perform any task within Plone, including the following:
Adding and modifying all users at any time
Assigning (or revoking) local roles to users at any time
Publishing, revoking, and modifying all content
Adding keywords to pull together related content
Modifying templates and other elements of the Plone installation
When you install Plone later in this chapter, your role will be that of manager.
The Member Role
As you saw in Chapter 1, "Introduction to Plone and Content Management," one of the standard elements of a Plone site is the ability to "join." Plone sites are intended as member-based communities; when you join a site, you become a user with a member role. When you are a member, your own space is created in the Plone system, where you can add, modify, and generally maintain your own documents.
The manager can promote users with simple member roles to additional levels within other members' spaces. For example, if you are the human resources manager and you have two employees under you in the corporate hierarchy, the Plone manager would provide the same hierarchy within the Plone workflow: You would be granted permission to work with documents that belong to members in the workflow beneath you.
You'll learn more about workflow roles in the next section, which describes these local roles in a bit more detail.
Within a Plone site, the basic workflow for content visibility goes like this:
A member adds content in his workspace. The member is the owner of this content.
A member who has been granted the role of reviewer for content in this particular folder reviews the content (as the name suggests).
The reviewer publishes the content, and it becomes visible for everyone.
By "basic workflow," I mean that there are no problems with the content or roadblocks that would keep the member or reviewer from publishing the content to the membership at large. In fact, other states in the workflow could block a clear path to publishing:
Private ” Marked by the owner, the Private status makes the content available only to the owner. Content also then is removed from the Plone search engine index so that no one will accidentally wander past it.
Retract ” The member might withdraw content from consideration for general publication. In this case, it reverts to being visible to its owner.
Reject ” The reviewer rejects the content for general publication, and it reverts to being visible to its owner.
We discuss workflow roles and states in much greater detail in Chapter 3, "Using Your New Plone Site," but an introduction to the concepts was necessary at this point.
From this brief glimpse into the world of user roles, you should take away the idea that one overall manager controls the assignments of the general user roles. This manager account is the one that was initially created during installation. It has immediate access to the configuration of the application and its users. With this in mind, move on to the next section to learn about the basic requirements for installing and running Plone; we then wrap up this chapter by showing you how to install Plone on your platform of choice.