>>>>
Security & Users

Security & Users


A guide on creating extra administrators for your website, changing passwords and securing your website

Logging In

To start managing your website the first step is to login to your website. The website address to edit your website is always your main website and “/admin” at the end i.e. http://mycommunitywebsite.onesuffolk.net/admin

Simply go to this address and then insert your username and password and click “login


 

Groups & Roles – The Explanation

Instead of assigning individual permissions to access, create, edit, or delete content per user, you can use Security Groups and Roles to organise what accounts have which permissions.

Roles are collections of permissions. For example, you might create an editor role to give a group read/write access to all content, or a "contributor" role who has the right to add content to the CMS but not to publish it, or a "spectator" role which gives a person a right to view the backend of the CMS, but not any ability to edit it.

Security groups are collections of users, and whatever permissions they have apply to a subset of pages. So, for example, the marketing team could have access to the parts of the website dealing with marketing, and the development team could have access to the parts of the website dealing with development.

One of the ways that the two can be used together is to assign similar roles to different groups. You only need to define an "editor" role once, but by applying the "editor" role to different groups with different access to different pages, so if you assigned the "editor" role to both the marketing team and development team security groups, the marketing team would be able to edit the marketing pages, and the development team would be able to edit the development pages, but they would not be able to edit each other's pages.

As a general rule of thumb, Roles define what can be done, and Security Groups define who can do it, and where.


 

Groups

Administrators – Allows full access to do everything on the website including adding, deleting or editing users, changing content, changing core settings of the site.

Content Authors – Restricted access that only allows editing of pages, access to the Files section, access to the reports section and it allows some editing of the site structure. 

groups


 

Roles

Within your One Suffolk site we doubt you will ever use Roles as you will generally use “Users” and “Groups” but if you do then you can set up Roles to do a specific set of things as described earlier In this guide.

  1. To set up a role, click on “Security” along the left hand side.
  2. Click on “Roles” along the top right bar.
  3. Click “Add Role” and you will be greeted by a screen like the one below.

 Roles

4.Give the Role a “Title” in the “Title” box
5.Assign the permissions you want that Role to have by clicking in the relevant boxes.
6.Click “Create” when you have done

Users

To manage your administrators of the site, firstly log into the site as per the first page of this guide and then click “Security” along the left hand side. You will be greeted with a screen like the one below.

From here you can manage users, groups (for example if you wanted to only allow editing of certain pages by certain people) and roles.

users

Adding New Editors

To add a new editor for the site, click the "Security" tab on the left hand side and then click the “Add Member” button and then on the following screen complete the  First name, Surname, Email, Password & Confirm Password boxes with the relevant information.

The only other item you will need to complete on this page is to add them to the appropriate group. As standard there are 2 groups setup on the system and they have already been described to you In the “Groups” section.

To assign them to a group click into the “Groups” section and click on the group you want to give them access to.  If you want them to be a full administrator (i.e. full access to the system) then you need type in "Administrator" into the box and select it when it pops up. If you want them just to be able to edit content (i.e. text and images on pages and files) then type in "Content Author" into the box and select it when it pops up.

Click “Create” when done

Changing Passwords of Editors/Administrators

If you are already an administrator then you can change your own password and any other administrators or content authors on the website. To do this, click “Security” along the left hand side, make sure you are on the “Users” tab at the top right of the screen and then click on the user you wish to edit.

You will then be greeted with a screen like the one on the following page.

users2

From this screen, click “Change Password” and the type in the “Current Password” of that user and also the “New Password” and “Confirm Password” box. “Click Save” once you are done.


 

Giving editors permissions to change specific pages

Within Silverstripe, there is the ability to allow only certain editors permissions to edit certain pages within the site. It requires a number of steps to do this.

  • Adding a group
  • Adding a user to the group
  • Setting the page permissions
  • Changing other page permissions

Adding the Group

The first step in the process is to set up a group which your user can go into.

  1. Click on “Security” along the left hand side.
  2. Click the “Groups”  tab at the top right
  3. Click “Add Group” and ensure that they have the permissions set like they do on the screenshot on the following page. The only boxes that needs to be ticked is “Access to Pages section” and “Access to Files section

 groups

Once you have given your group the correct permissions click “Create” at the bottom.

Adding a user to your group

To add a new editor for the site, click the “Security” option on the left hand side and ensure you are on the “Users” tab along the top right. From here click the “Add Member” button and then on the following screen complete the  First name, Surname, Email, Password & Confirm Password boxes with the relevant information.

The only other item you will need to complete on this page is to add them to the appropriate group which is the group you created in the previous steps. To assign them to a group click into the “Groups” section and click on the group you want to give them access to.

Click “Save” when done

Setting the page permissions

Now that you have created a group and a user the next step is to set the page permissions on the page you want to restrict.

To do this click on “Pages” on the left hand side.

Click on the page you want to restrict access to.

Click “Settings” at the top left and then you will be greeted with a screen like the one below.

 pagepermissions

On this page, where it says, “Who Can Edit This Page”, select “only these people” and then click into the “Editor Groups” box and choose the group that you created in the first part of this section.

Click Save and Publish” once done.

Changing other page permissions

Alongside setting the permissions of the page you want to restrict access to the user you created, you will also need to change the permissions of all other pages in the site so that the new group you created cannot edit other pages in the site.

To do this:-

  1. Click into each page on the left hand side.
  2. Click “Settings” at the top left and ensure that “Administrators” and “Content Authors” are set as the only people who can edit those pages by following the instructions below (same as earlier instructions)
  3. On the page, where it says, “Who Can Edit This Page”, select “only these people
  4. Click into the “Editor Groups” box and choose the group that you created in the first part of this section.
  5. Click “Save and Publish” once done.