Understanding Permissions and Controls

A control is an item in Brightspot that you click or select, such as a widget, tab, checkbox, or drop-down list. You restrict access to a control by setting a permission on it. Permissions are set at the role level, which apply to all users assigned to that role. Typically, not all users have access to all controls. For example, users in an editor role usually do not have access to the administrative-level controls for adding new users.

In the Roles UI for setting permissions, Brightspot groups controls into the following functional categories:

Control Type Permission Impact
Sites Limits the sites to which a role has access. See Sites Control.
Areas Limits access to selections from the Admin menu. See Areas Control.
UI Limits capability to ignore content locking and field-level locking. See UI Control.
Types
Limits access to tab and widget controls on the content edit page by content type. See Types Control.

Note

You can also limit a role’s access to dashboard widgets. See Custom Dashboards.

Note that a role’s permissions apply globally to all sites to which the role has access. That is, the role’s permissions for one site are identical to a role’s permissions for another site. Optionally, you can set specific permissions for a site that override the site’s global permissions. See site-specific permissions.

Permission Settings

You can apply one of the following permission settings on a control:

  • All—The role has access to all controls within that feature. For example, if you select All in the Sites field, the role’s users have access to all sites.
  • All Except—The role has access to all controls except the ones you select. For example, if you select All Except in the Sites field, and then select the site Pancake Syrups, the role’s users have access to all sites except Pancake Syrups.
  • Only—The role has access to only those controls you select. For example, if you select Only in the Sites field, and then select the site Pancake Syrups, the role’s users have access to only the site Pancake Syrups.
  • None—The role has no access to the controls within that feature. For example, if you select None in the Sites field, the role’s users have access to no sites.
  • Inherited—Applies to site-specific permissions only. Inherits the global settings for the control (no override.) See site-specific permissions.

Referring to the following example, the role has the following permissions:

  • Access to all sites except Inspire Confidence.
  • No access to Area controls.
  • Access to all UI controls.
  • Access to only the Article content type.
../../../_images/contributor-controls.png

Sites Control

The Sites control limits the sites to which a role has access. For example, a Spanish-speaking role might be limited to working on the Spanish and English sites, not French and German sites.

../../../_images/sites-control.png

The sites control is useful for controlling access to the Global site — a site that sets many defaults for other Brightspot sites. See Understanding Site Hierarchy.

Areas Control

The Areas control limits access to selections from the Admin menu.

../../../_images/areas-control.png

Depending on your version of Brightspot, other admin controls may be available.

UI Control

The UI control specifies if users in a role can ignore content locking or field-level locking. For more information, see Locking.

../../../_images/ui-control.png

Types Control

The types control limits access to content types. You can exclude access to types completely, such as preventing a role from accessing the Gallery and Playlist content types.

../../../_images/types-control-excluded.png

You can also restrict access to content types. In the following example, the Article content type is restricted.

../../../_images/types-control-restricted.png

In the previous screenshot—

  • Default in the Form field indicates that this role uses the out-of-the-box content edit form for the Article content type, which provides access to the standard set of tabs and widgets built into the default form.

    If custom content edit forms were previously created for the Article type, then those forms appear when you click the Form field. The form you select is applied to that role.

    ../../../_images/types-control-restricted-form.png
  • After an article is published, this role can modify the item and republish (read-only access is turned off).

  • The actions listed in the Actions field are unavailable to this role. Users in this role cannot archive or restore the item.

  • The content items listed in the Content field are unavailable to this role.

    Note that you can restrict content items via two different options, Basic or Dynamic. The Basic option displays the search panel, from which you select search results for the content type. The same selected items remain inaccessible to the role unless the role is changed.

    The Dynamic option displays filters for setting search criteria. For example, you can specify that only published articles (not articles in draft or revision state) can be accessed by the role. Therefore, the articles that the role can access will vary over time.

Site-Specific Permissions

Permissions can be applied globally and on a site-specific basis. When you set one or more sites that a role can access, the permissions for the Areas, UI, and Types controls apply globally; that is, they apply to all of the sites. Optionally, you can set specific-permissions for a site that override the site’s global permissions.

../../../_images/roles-permission-overrides.png

In the previous diagram —

  • For Role1, global permissions are set on three sites to which Role1 has access. The same permissions apply to all three sites. Global permissions are required for a role.
  • Specific permissions are set for Site2, which override Site2’s global permissions. Therefore, the Site2 permissions are not identical to the Site1 and Site3 permissions. Site-specific permissions are optional for a role.

To further illustrate, say that a role has access to two sites: Inspire Leadership and Inspire Confidence. The global settings for the Areas, UI, and Types controls are set to All.

Site-specific permissions are set on the Inspire Confidence site. The Areas and UI controls are set to overrides, with each control limited to one permission. The Types control, on the other hand, inherits all of the global permissions.

../../../_images/site-specific-settings.png

The global and site-specific permission settings impact the two sites as follows:

Sites Global Settings Site-Specific Settings Effective Permissions
Inspire Leadership
  • Areas Control: All
  • UI Control: All
  • Types Control: All
(no site-specific settings) (global settings)
Inspire Confidence
  • Areas Control: All
  • UI Control: All
  • Types Control: All
  • Areas Control: Admin → About
  • UI Control: Content Unlock
  • Types Control: Inherit
  • Areas Control: Admin → About (override)
  • UI Control: Content Unlock (override)
  • Types Control: All

See also: