Permissions and controls

A control is an item in Brightspot that you click or select, such as a widget, tab, checkbox, or drop-down list. You restrict access to a control by setting a permission on it. Permissions are set at the role level, which apply to all users assigned to that role. Typically, not all users have access to all controls. For example, users in an editorial role usually do not have access to the administrative-level controls for adding new users.

Brightspot groups controls into the following types:

Control type Permission impact
Sites Limits the sites to which a role has access. See Limiting access to sites.
Areas Limits the available selections from the Admin menu. See Limiting access to the Navigation menu.
UI Limits the capability to ignore content locking and field-level locking. See Limiting access to locking.
Types Limits access to tab and widget controls on the content edit page by content type. See Limiting access to content types.

A role’s permissions apply to all sites to which the role has access. For example, if the Editor role is limited to working on articles and images, then those limitations apply to all sites to which editors have access. You can override this default by setting site-specific permissions for a role; for details, see Site-specific permissions.

Scope of permission settings

Most permission settings have one of the following scopes:

  • All—The role has access to all controls within that feature. For example, if you select All in the Sites field, the role’s users have access to all sites.
  • All Except—The role has access to all controls except for the ones that you select. For example, if you select All Except in the Sites field, and then select the site Pancake Syrups, the role’s users have access to all sites except Pancake Syrups.
  • Only—The role has access only to those controls you select. For example, if you select Only in the Sites field, and then select the site Pancake Syrups, the role’s users have access only to the site Pancake Syrups.
  • None—The role has no access to the controls within that feature. For example, if you select None in the Sites field, the role’s users do not have access to any sites.

In the following example, the role Interns has the following permissions:

  • Access to all sites except Nitroglycerin Recipes
  • Access to all items in the Navigation menu
  • Unlocking at the content and field level
  • Create, modify, and delete only articles
../../../_images/contributor-controls.png

Limiting access to sites

The Sites list limits the sites to which a role has access. In the following example, the role has access to the sites Chocolate Chip Counterfeits, Famous Expiration Dates, and Legume Legalities, but not the sites Global and Nitroglycerin Recipes.

../../../_images/sites-control.png

The Sites list is useful for limiting access to the Global site—a site that sets many defaults for other sites. See Site hierarchy.

Limiting access to the Navigation menu

The Areas list limits access to selections from the Navigation menu. In the following example, the role has access to all selections in the Navigation menu except AdminSites & Settings and AdminUsers & Roles.

../../../_images/areas-control.png

Limiting access to locking

The UI list specifies if a role can ignore content locking or field-level locking. For more information, see Locking.

../../../_images/ui-control.png

Limiting access to content types

The Types list limits access to content types. In the following example, the role can create content from any type except galleries and playlists.

../../../_images/types-control-excluded.png

You can also restrict the available activities at the content-type level. In the following example, the Article content type is restricted for the role.

../../../_images/types-control-restricted.png

In the previous illustration—

  • Main Tab Only in the Form field indicates that this role uses the custom content edit form when working with articles. For more information about custom content edit forms, see Custom content edit forms.
  • After an article is published, this role can modify and republish the item (read-only access is turned off).
  • The Actions field indicates that this role cannot archive or restore articles.
  • The Content field indicates that this role has access to all articles except Galaxies Collide, No Injuries Reported. You can configure two types of lists in this field:
    • Basic—A static list of articles the role can or cannot access.
    • Dynamic— A dynamic list of articles that the role can or cannot access. A good example of a dynamic list is restricting access to articles more than three months old.

Site-specific permissions

Permissions can be configured at the role and role-site levels. For example, if you set permissions for the role Editor, those permissions apply to all sites to which editors have access. In addition, if you have a classified blog at the site Nitroglycerin Recipes, you can assign editors more restrictive permissions for that site.

../../../_images/site-specific-permissions.svg

In the previous diagram —

  • All users with the role Editors can create, modify, and archive articles and images. These permissions apply to all sites to which editors have access: Salad Recipes, Cake Recipes, and Cookie Recipes.
  • All users with the role Editors who are working on the site Nitroglycerin Recipes have read-only access to articles, and have no access to images.

The following illustration provides another example of site-specific permissions.

../../../_images/site-specific-settings.png

Referring to the previous illustration, when working on the site Nitroglycerin Recipes the role can—

  • Access only AdminAbout from the Navigation menu.
  • Unlock at the content level (not at the field level).
  • Create, edit, and archive all content types.

See also: