The standard behavior of eZ Publish is that everything that is published under the "Content" top level node becomes a visible part of your site. For example, if you publish a news article, any user (including anonymous visitors) will be able to read that article unless the entire site requires all users to log in.

By default all content that goes under the "Content" top level node will belong to the "Standard" section. In eZ Publish, sections are used to segment the node tree. You can easily create a protected area by introducing a new section and assign it to a node. Furthermore, you can set up the built-in permission system so that it only allows a group of users to access your "secret" section.

All this can be done using only the administration interface; the following text explains how.

1. Create a folder called "Secret documents" somewhere under the "Content" top level node.
2. Go to "Setup", then "Sections" and create a section called
   "Secret section" using the "New section" button.
3. Assign the newly created section to the "Secret documents"
   folder that you created in step 1.
    

   

   Assigning Subtree to a Section

4. Bring up your site in another browser window/tab and attempt to access the "Secret documents" folder. You should not be able to access it.
5. Go to the "User accounts" tab and create a new user group called
   "Secret users".
6. Create a new user within the "Secret users" group, for example "John Connor".
7. Click on the "Roles and policies" link (located under "Access control" in the "User accounts" tab).
8. Create a new role called "Secret role" - you should see the role edit interface.
9. Add a new policy to the role.
10. When asked about which module the policy should grant access to,
    select "content". When asked about which function the policy should
    grant access to, select "read". During the final step, make sure
    that the policy grants access to the "Secret section". Click OK
    (twice).
11. Assign both the "Anonymous" and the newly created role to the "Secret users"
    group (use the assign icons on the right hand side of the list).
12. Bring up your site and attempt to log in with the user that was created inside the
    "Secret users" group. The user should be able to access the "Secret
    documents" part of the site while anonymous users will still be blocked.

If you want the users of the "Secret users" group to be able to add and edit content inside the "Secret documents" area, you'll have to add some extra policies to the "Secret role" role. Repeat steps 9 and 10, make sure that the role grants access to the "create" and "edit" functions. You can use the limitation interface to limit the users' actions in different ways.