Open Source Content Management System

Permission management with MidCOM

  1. Inheritance
  2. Adding a group
    1. ACL editor
  3. Removing group from permissions list
  4. Setting the rules
    1. Read
    2. Create
    3. Update
    4. Delete
    5. Owner
    6. Approve
    7. Configuration

An ACL (Access Control List) is a security concept used to determine the permissions of different groups.

It is possible to define ACL rules for any Midgard object, although the most common practice is to define rules for folders.

Inheritance

ACL rules are inherited. This means that if a folder has a certain set of rules, they are inherited by the pages in that folder unless page-specific rules override them. Page-specific rules, in turn, do not affect the rules of the folder.

Folders also inherit their rules. E.g. if a folder doesn't have a Read rule defined, its parent folder is checked for the rule. If the parent folder doesn't contain the rule, its parents are checked in turn until the rule is found. If there are no rules anywhere in the parent folders, global defaults are used.

This works in both directions: rules defined in a folder affect all of its child folders and pages until otherwise specified.
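The lookup described above, as an added example that is a simplified model and not MidCOM's own code. The allow/deny values, the global defaults, the group names and the folder tree are assumptions constructed for illustration; `audit` also reports which object supplied each effective rule, which is what you need when reviewing why a group has a permission.

```python
from dataclasses import dataclass, field
from typing import Optional

ALLOW, DENY = "allow", "deny"  # assumed rule values for this sketch

# Assumed global defaults; a real site defines its own.
GLOBAL_DEFAULTS = {"read": ALLOW, "create": DENY, "update": DENY, "delete": DENY}


@dataclass
class Node:
    """A folder or page. rules maps (group, privilege) to ALLOW or DENY;
    a missing key means "Not set (inherited)"."""
    name: str
    parent: Optional["Node"] = None
    rules: dict = field(default_factory=dict)


def resolve(node, group, privilege):
    """Return (decision, source): walk from the object up through its
    parents and stop at the first object that defines the rule."""
    current = node
    while current is not None:
        decision = current.rules.get((group, privilege))
        if decision is not None:
            return decision, current.name
        current = current.parent
    return GLOBAL_DEFAULTS[privilege], "global defaults"


def audit(node, group):
    """Effective rule and the object it comes from, for every privilege."""
    return {p: resolve(node, group, p) for p in GLOBAL_DEFAULTS}


# Constructed sample tree: root > news > archive, plus one page in news.
root = Node("root", rules={("editors", "update"): ALLOW})
news = Node("news", root, {("editors", "delete"): ALLOW, ("guests", "read"): DENY})
archive = Node("archive", news)
page = Node("news/draft", news, {("guests", "read"): ALLOW})

if __name__ == "__main__":
    for obj in (news, archive, page):
        for group in ("editors", "guests"):
            print(obj.name, group, audit(obj, group))
```
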

Adding a group

To add a group for assigning permission rules:

  1. Select the group from Add group for privilege assignment
  2. Click on Save at the bottom of the page
  3. Assign the rules


ACL editor

Removing group from permissions list

To remove a group from the permissions list:

  1. Set all the permissions to Not set (inherited)
  2. Click on Save at the bottom of the page

When a group doesn't have any permissions set, it will not appear on the permissions list. This means that permissions for that group are either inherited from the parent objects or the group doesn't have any permission levels set at all.

Setting the rules

The basic set of rules is the following:

  • Read
  • Create
  • Update
  • Delete
  • Owner
  • Approve
  • Configuration

Read

The Read rule defines whether a group is allowed to see the contents of the object.

Create

The Create rule defines whether the specified group is allowed to create subobjects under the object in question. The creator of the article automatically becomes its owner, who has permission to update the object as well.

Update

The Update rule gives permission to make changes to an object.

If, for example, a news folder is needed where a group (or everyone, if that is the case) can publish news but should not be able to update objects other than their own creations, the Update permission should be given only to administrative or editorial groups.

Delete

The Delete rule defines whether the group is allowed to delete the object.

Owner

The Owner rule combines the following rules into a single rule:

  • Update
  • Create
  • Delete

Approve

The Approve rule defines the groups that are allowed to approve and unapprove pages. This ACL rule is hidden by default and is used only on sites that have approval enabled.

Read the manual for more information on approvals.

Configuration

The Configuration rule defines the groups that are allowed to configure the folder.

Designed by Nemein, hosted by Anykey