Administration » Users and Permissions » Working with permissions

Working with permissions

Planning

Planning is the essential part in making access permissions work. And this planning has to be done before you start building your document structure and before you let other people in the system. Of course Etomite is flexible enough to let you edit the permissions with existing sites, but altering document groups for 100+ documents is no fun. It’s better to do it right at once!

Your planning should result in a map of how you want your documents and users to interact. This example map, and the logic behind its creation, was shown the first part of this chapter. Without this map, you're very likely to make mistakes in the process.

Once you have your plan, there is an efficient way to go about establishing the permissions. Done in the following order, your work will build on itself and you won't have to keep going back to make little setting changes all the time.

Document Groups

When you create a document, you want to have the option of assigning it to a document group or groups at the same time. If you have your document groups already made, they will be displayed on the permissions tab while creating/editing a document.
 
To create or edit your document groups:
 
Users --> Permissions --> Document Groups (tab)
 
On the Document groups tab, there will be a “Create a new document group” text field and submit button. Create as many groups as you need according to your map. As they are created, they will be listed on that page below the “Create a new document group” form. You will have the option to delete or rename them if you wish. Good planning will reduce the need to do either of those things.
 
Now as you create documents you can assign them to their appropriate groups. When you assign a folder to a particular document group, every new document you create within that folder will automatically be part of the same document group. That’s why it is so important to have your document groups organized before creating hundreds of documents.

Roles

Roles are meant to define the exact permissions a user has. Because you must assign a role to a user upon creation, it’s important to create the proper roles first. The important thing to remember about roles is that the role defines the permission set for a user. So for every different combination of permissions you want to use, you'll need to create a new role. Users with the same role will have the same permissions, but not necessarily on the same document groups. Let’s go back to the ACME Inc. example to explain that.
 
Speedy and Pepe both have been assigned the same role. They are both Editors. This means they have exactly the same permissions. However, they are in different user groups (which are in turn linked to different document groups). This makes it possible for Pepe to edit the Shipping document, but Speedy cannot access that one.
 
To create or edit roles choose:
 
Users --> Manage users --> Role management tab --> Create a new role (or select a role to edit)
 
Choose a name and a clear description for the role and then check the appropriate options in the list.
 
The list of options for each role is far too long to be listed here (and they're fairly self-explanatory), but the main categories include:

User groups

It seems odd at first to make user groups before you create users. Think of a user group as a container to put users in. You don't need any users to have a container, but when you create the user, it is nice to have predefined containers to put them in. So efficient managers will create the user groups first. A user without a group is useless.
 
To create a user group, consult your map, and then in the manager choose
 
Users --> Permissions --> User groups (tab)
 
You will be presented with a “Create new user group” form for creating new groups. Make as many as you need. Groups will be listed below the form and will allow you the option of deleting and renaming. Again, good planning should reduce the need for these functions.

Users

For all of you stubborn managers who skipped all of the above because they thought it’s best to create users first: it’s not. Users need a role and a group, so you’d better have those defined by now.
 
To create or edit a user, from the manager choose:
 
Users --> Manage users --> Manage users tab --> Create a new user (or click an existing user to edit)
 
Here you will be presented with a form that you can use to create or alter the following:

* : Required
 
On the Permissions tab, you can assign the user to one or more user groups.

Linking user groups to document groups

Finally, you need to link your user groups to the document groups. In the ACME Inc. map, these links are visualised by coloured lines leading from USER GROUPS to DOCUMENT GROUPS. If you have mapped out your permissions, this is very simple. In the manager choose
 
Users --> Permissions --> User/ Document group links (tab)
 
On the left are the user groups. On the right will be document groups associated with the user groups (if any). You can assign a document group to a user group by using the drop down list and then clicking the “Add group” button. Similarly, you may remove a document group from a user group list by using the “Remove” button.

Maintenance

Congratulations. You have successfully set up your site's user permissions. Now it will be up to you to be sure that your users are trained to know how to use the permissions they have been granted. And because of your careful planning, you won't have to go back and retrofit hundreds of docu