The security admin enables you to setup and manage users and user groups, and control the permissions granted to these groups.
GROUPS
Groups exist so that you can provide users with specific permissions to the admin area and the content they can manage. You can grant a handful of users full administrative access to all the functionality of the CMS, grant others access to only manage blog posts, or even grant certain users view-only permissions.
A new group can be added by pressing the "Add Group" button under the Groups tab.
On the New Group screen, you'll require to provide name, optional parent group, and an optional description of the group.
You will also be able to choose the permissions to grant this group by ticking a list of options:
Once the information is filled out, simply press the "Create" button to save the group.
USERS
Users are people that can sign into the admin area and view or manage content that appears on the site.
It is worth noting that these are only limited to the SilverStripe CMS, and are separate from BlocksOffice and Tessitura users.
A new user can be created by pressing the "Add Member" button under the Users tab.
While most of the information here can be left out, First Name, Surname, Email, Password must be provided. Once these have been proved, simply press the "Create" button to save the user.
It should be noted that only administrators have the permission to create a new user.
Assigning Groups to Users
A user may belong to one or many groups. Users belonging to multiple groups inherit permissions from all the groups.
There are two ways to assign a group to user:
- On the user editor page
- On the group editor page
User Editor Page
Assign groups to user by going to the user details page. Add a new group by typing the group name and selecting from the drop down. Remove existing groups by pressing the little "x" button next to the group name. Save the user to finalise the selection.
Group Editor Page
Assign users to group by going to the group detail page. Add a user by using the search field to find by name or email address, then press the "Link Existing" button. Remove users from group by pressing the "Unlink" button to the far right for that user. Save the group to finalise the selection.
DELETING USERS
We recommend you do not delete users unless they have not created or edited any content in the CMS.
Deleting a user is generally not a problem with majority of site content. It is an issue, however, with the blog functionality. The blog works slightly differently in that deleting a user who has authored blog posts is likely to disable the blog posts created by said user. The actual post won't get deleted, it just won't get listed.
The better solution is to keep the user in the system, change their password, and remove them from all user groups. This will result in them no longer being able to access the CMS, which is the intended result.