How to control access to a section page?

Yacs is used to support large and dynamic web sites and, as such, it provides a rich set of options to manage access control rules. This paper documents these options and gives some practical examples that you can use out-of-the-box. Additional options can be used to tune yacs behavior to your very particular needs, yet these are not documented here (e.g., draft-review-publish workflow).

[title]Who is who?[/title]

Yacs supports the following role definitions:

* [b]Associate[/b] - Any site associate has the power to access and change every item of information managed by yacs. The first associate is the person who has created the site, and he can promote one or several members afterwards. All associates have exactly the same level of power on the site.
* [b]Member[/b] - A member is a regular contributor to the site.
* [b]Subscriber[/b] - A subscriber can read posted pages and react to them.
* [b]Editor[/b] - A section editor is a member assigned to a section. This person is given additional rights and duties on this section and on all of its content.
* [b]Reader[/b] - A section reader is a subscriber assigned to a section. This person is given additional access rights to this section and to its content, even if access to the section is limited.

[title]How to limit access to a section?[/title]

Edit the section to protect, and change its access rule as follows:

* [b]Public[/b] - Public access means that any surfer can read the section page, and its public content. This is the default setting for new sections.
* [b]Restricted[/b] - Restricted access means that access is granted only to authenticated surfers.
* [b]Hidden[/b] - A hidden section can be accessed only by site associates and by selected members that have been assigned as editors of this section.

[title]How to limit contributions to a section?[/title]

Yacs ensures that someone wishing to contribute to a section is also allowed to access it. Therefore the very first thing to do to limit contributions is to change access settings, as explained in the previous chapter.

Additionally, yacs provides a simple way to limit contributions by locking sections. When you lock a public section or a restricted section it becomes read-only to ordinary site members. And when you lock a hidden section, its editors cannot update it anymore.

Site associates always have read and write access to sections, and locking has no effect on them.

[title]Access rules[/title]

The following table describes allowed operations on a section depending on its settings and on surfer role.

| Section settings | Site associate | Section editor | Site member | Section reader | Site subscriber | Any surfer |
|---|---|---|---|---|---|---|
| Public access | Read, Add a page, Edit section | Read, Add a page, Edit section | Read, Add a page | Read | Read | Read |
| Public access + Section is locked | Read, Add a page, Edit section | Read, Add a page, Edit section | Read | Read | Read | Read |
| Restricted access | Read, Add a page, Edit section | Read, Add a page, Edit section | Read, Add a page | Read | Read | X |
| Restricted access + Section is locked | Read, Add a page, Edit section | Read, Add a page, Edit section | Read | Read | Read | X |
| Hidden section | Read, Add a page, Edit section | Read, Add a page, Edit section | X | Read | X | X |
| Hidden section + Section is locked | Read, Add a page, Edit section | Read, Unlock section | X | Read | X | X |
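
The access rules table expressed as rules, as an added example that is not Yacs code: the function names, role strings and sample sections are assumptions made for illustration. It resolves a surfer's role on one section, then audits a section inventory for anonymous read access and for sections where any member can add pages.

```python
# Added example: a model of the page's access-rules table, not Yacs source code.
READ, ADD, EDIT, UNLOCK = "Read", "Add a page", "Edit section", "Unlock section"

def effective_role(site_role, assigned):
    """site_role: 'associate', 'member', 'subscriber' or None (anonymous surfer)."""
    if site_role == "associate":
        return "associate"          # assignment adds nothing for an associate
    if assigned and site_role == "member":
        return "editor"             # an editor is a member assigned to the section
    if assigned and site_role == "subscriber":
        return "reader"             # a reader is a subscriber assigned to the section
    return site_role or "surfer"

def allowed_operations(access, locked, role):
    """access: 'public', 'restricted' or 'hidden'; returns the granted operations."""
    if role == "associate":
        return {READ, ADD, EDIT}    # locking has no effect on associates
    if role == "editor":
        if access == "hidden" and locked:
            return {READ, UNLOCK}   # cannot update a locked hidden section
        return {READ, ADD, EDIT}
    if role == "reader":
        return {READ}               # kept even when access is limited
    if role == "member":
        if access == "hidden":
            return set()
        return {READ} if locked else {READ, ADD}
    if role == "subscriber":
        return set() if access == "hidden" else {READ}
    if role == "surfer":
        return {READ} if access == "public" else set()
    raise ValueError(f"unknown role: {role!r}")

def audit(sections):
    """Flag sections readable anonymously or open to pages from any member."""
    findings = []
    for name, access, locked in sections:
        if READ in allowed_operations(access, locked, "surfer"):
            findings.append((name, "anonymous read"))
        if ADD in allowed_operations(access, locked, "member"):
            findings.append((name, "any member can add pages"))
    return findings

# Constructed sample inventory: (section name, access rule, locked flag).
SAMPLE = [("wiki", "public", False), ("marketing blog", "public", True),
          ("sales", "restricted", False), ("project x", "hidden", True)]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```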



[title]Common requirements, and related solutions[/title]

You may find the following examples useful if you are still wondering how to proceed in your specific case.

| Section settings | Typical usage |
|---|---|
| Public access | All community members are encouraged to read and to react. Authenticated surfers can contribute and post new pages. Use options auto_publish, anonymous_edit and members_edit to tune settings. Examples: discussion area, wiki |
| Public access + Section is locked | Publication is limited to section editors, and community members can react. Example: blog from the marketing department |
| Restricted access | Surfers have to be authenticated to get access and to contribute. You can limit self-registration, or even create a closed group of users, to better manage confidentiality. Example: sales micro-site, open only to salespersons |
| Restricted access + Section is locked | All readers have to be authenticated, and only selected editors can add new pages. Every entity in your organization should have a section like this to expose itself to the others. |
| Hidden section | Only selected persons can interact here. Example: project space |
| Hidden section + Section is locked | The natural evolution of a project space that has reached its end. |