Permissions in Midgard
Several websites can be managed independently in Midgard thanks to Sitegroups. As for access to various parts of a site, Midgard's permission system is based on Group ownership, and controls only write access to the database records.
Groups are organized into a tree structure. Persons may belong to any number of Groups thanks to the member records.
The realm field in the Sitegroup table is a string which contains the Sitegroup name, and is used instead of the name field in the authentication window opened by your browser. The name field is an identifier which cannot contain whitespace.

Read Access
When authentication is required, read access to any record within a Sitegroup is granted to all the users in that Sitegroup. More comprehensive read-level access control is available through the MidCOM framework.
In MidCOM 2.4 and earlier releases, read-level access control was implemented using the ViewerGroups feature. In MidCOM 2.5 it uses Access Control Lists.
Write Access
Write access - which includes creation, modification and deletion - is granted to any user who is a member either of the Group that owns the record or of a Group that owns a parent of that record.
In other words, users get write privileges for any sub-tree whose parent node owner is a Group they belong to.
Users, Article authors and lockers
Users have full read access for their Sitegroup and Sitegroup 0. Their write privileges depend on the Group(s) they belong to.
In addition to this, being the author of an article grants write access to it.
An article may also be locked. Anyone with write permission to an Article record may lock it, but once it is locked, only the locker and the Sitegroup administrator can unlock it. This is illustrated in the following diagram:

Person: has write access to
- P1: T1, A1, T3, A3
- P2: T2, A2, T4, A5, T5
- P3: T3, A3, A5
- P4: T3, A3, A4
- P5: T4, A5
- P6: T4, A5, T1, A1, T3, A3
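The write-access, author and lock rules described above can be modelled in a few lines. This is an added example, not Midgard code or its API: Record, Person, can_write, lock, unlock and demo are hypothetical names, and the sample tree is constructed and is not the one from the diagram. It assumes that owning any ancestor of a record is enough, and it does not model inheritance between Groups.

```python
# Added illustration, not Midgard's API: all names and sample data are constructed.
from dataclasses import dataclass

@dataclass
class Record:
    owner: str = None        # owning Group, if any
    parent: "Record" = None  # parent record in the content tree
    author: str = None       # articles only
    locker: str = None       # set while the article is locked

@dataclass
class Person:
    name: str
    groups: frozenset = frozenset()
    sitegroup_admin: bool = False

def can_write(person, record):
    # An article's author may always write to it.
    if record.author == person.name:
        return True
    # Otherwise owning the record or any of its ancestors is enough.
    while record is not None:
        if record.owner in person.groups:
            return True
        record = record.parent
    return False

def lock(person, article):
    # Anyone with write permission may lock an unlocked article.
    allowed = article.locker is None and can_write(person, article)
    if allowed:
        article.locker = person.name
    return allowed

def unlock(person, article):
    # Only the locker or the Sitegroup administrator may unlock.
    if article.locker and (person.sitegroup_admin or article.locker == person.name):
        article.locker = None
        return True
    return False

def demo():
    # Constructed tree: topic "news" > topic "sports" > article "match" (author carol).
    news = Record(owner="editors")
    sports = Record(owner="sports-desk", parent=news)
    match = Record(parent=sports, author="carol")
    alice, bob = Person("alice", {"editors"}), Person("bob", {"sports-desk"})
    carol, root = Person("carol"), Person("root", sitegroup_admin=True)
    return [can_write(alice, match), can_write(bob, news), can_write(carol, match),
            lock(bob, match), unlock(alice, match), unlock(root, match)]
```

In demo(), alice can write to the article through the Group that owns the top topic, bob cannot write upward to that topic, and alice cannot release bob's lock even though she has write access to the article.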
Preferences
Preferences enable you to personalize the content of a site. They are name and value pairs attached to a person, and they may be grouped by domain. This feature is deprecated, as you can achieve the same thing thanks to the Parameter table and functions.
