General

  eZ Systems Website
  Developer documentation


  Editor documentation

  Back to the top

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel
bgColor#ffffff
titleBGColor#dddddd
titleOverview
Section

The permission system in eZ allows you to very precisely define which users have access to which functions of the website.

 

The permission system in eZ is complex, multi-level and very flexible.

Users can be assigned to User groups. Both User groups and individual Users can be assigned Roles and Policies, further defined with the use of Limitations.

Roles and Policies are set up in the Admin Panel.

Panel
bgColor#ffffff
titleBGColor#dddddd
titleIn this topic

Table of Contents
maxLevel3

Panel
bgColor#FFFFFF
titleBGColor#dddddd
titleRelated topics

Permissions

Custom policies todelete

Managing Sections

 

 

Anchor
Permissions overview
Permissions overview
Permissions overview

Overview of the permission system in eZ is best presented using an example:

 

Let us assume you are managing a newspaper website. Your crew consists of an editor-in-chief and several editors responsible for particular sections of the paper: general news, local news, sports etc. You also have contributors who occasionally add new articles.

You want to give the editor-in-chief access to most parts of your website, but the individual editors will only work with their own sections. To the contributors you want to give the permissions to create new Content, but not to modify or delete existing Content.

In order to have this setup you need to create a number of different Roles: Editor-in-Chief, different Editor(s) and Contributor.

Tip
titleTip

Even if you plan on having only one editor-in-chief, it is good practice to create a User group to contain this user, and assign a Role to it instead of assigning permissions directly to the user.

To each of these Roles you need to assign proper Policies, giving them the right to perform certain actions.

The Editor-in-Chief Role would have the most Policies (although you may want to reserve some more advanced permissions only for system administrators). Regular Editors need Policies allowing them to create, modify and delete Content. Contributors can be given Policies permitting them to only create Content.

If you want to prohibit Editors from accessing Content from newspaper sections other than their own, you can add limitations to their Policies. This means that instead of one Editor you need to have separate Roles for each editor profile: Local Editor, Sports Editor etc. All of these Roles will have the same Policies, but to each Policy you need to assign a limitation which would mean that the permission covers only one Section (sports section, local news section etc.) that the editor works in.

 

Aside from Policies that define access to Content items, there are also many other Policy types concerned with administrating the system. They cover actions such as activating new Users, creating Sections, modifying Content Types etc.

 

Anchor
Roles
Roles
Roles

A Role consists of a number of Policies, each of which defines access to one functionality of one module (for example modifying articles).

 

Anchor
Creating new Roles
Creating new Roles
Creating new Roles

Panel
bgColor#ffffff
titleTo create a new Role:

1. In the Navigation hub click Admin panel.

2. Select Roles.

Info
iconfalse

 A list appears with all the currently configured Roles.

List of Roles set up in the system

3. Click Create a role below the table.

4. Enter the name of the new Role and click Save.

 

Anchor
Assigning Roles to Users
Assigning Roles to Users
Assigning Roles to Users

Panel
bgColor#ffffff
titleTo assign a Role to Users or User groups:

1. In the Navigation hub click Admin panel and select Roles.

2. Click Assign to users/groups next to the Role you want to modify.

Info
iconfalse

The Universal Discovery Widget opens.

3. In the Users category select the Users or User groups you want to assign the Role to.

Tip
titleTip

You can select more than one User or User group in this way. Navigate to each of them and click Choose this content. This User (or group) will be added to a list at the bottom left of the Discovery Widget. If you want to remove a previously selected User, click this list and remove the entry from it.

4. Click Confirm selection.

 

Anchor
Unassigning Roles
Unassigning Roles
Unassigning Roles

Panel
bgColor#ffffff
titleBGColor#ffffff
titleTo unassign a Role from a User or User group:

1. In the Navigation hub click Admin panel and select Roles.

2. Click the name of the Role you want to modify.

3. In the Role view, switch to the Users and groups using the <Role name> role tab.

4. Click Delete assignment next to the User or group you want to unassign.

 

Anchor
Policies
Policies
Policies

A Policy can be understood as a permission for a single action in a specified part of the website system. Each Role can be assigned any number of Policies.

A Policy consists of:

  • module - the part of the website or system it concerns, for example: Content, User, Role, Section
  • function - the action on the module it allows, for example: Create, Edit, Assign
  • (optional) limitations
Note
titleNote

By default a User or User group has no permissions. Roles and Policies are used to grant permissions to do something, not to prohibit doing it.

 

Anchor
Adding Policies
Adding Policies
Adding Policies

Panel
bgColor#ffffff
titleTo assign a Policy to a Role:

1. In the Navigation hub click Admin panel and select Roles.

2. Click the name of the Role you want to modify.

Info
iconfalse

A list of all Policies of this Role appears.

List of Policies for the Editor Role

3. Click Add new policy below the list.

4. Select a combination of module and function in the Policy type menu.

Info
iconfalse

 The menu lists all possible operations on all modules existing in the system.

Drop-down with available new Policies

5. Click Save to confirm the new Policy.

Tip
titleTip

Click Save and add limitations if you want to immediately add limitations to the new Policy. You can also simply save it for now and add limitations later.

 

Anchor
Limitations
Limitations
Limitations

Limitations further specify permissions granted by a Policy by narrowing their scope. For example, a limitation may state that a given Policy covers only a selected Content Type or Section.

 

Anchor
Adding limitations
Adding limitations
Adding limitations

Panel
bgColor#ffffff
titleBGColor#ffffff
titleTo add a limitation to a Policy:

1. In the Navigation hub click Admin panel and select Roles. Click the name of the Role you want to modify.

2. Click Edit limitations next to the selected Policy.

Info
iconfalse

A screen appears with a list of possible limitations. The types of limitations depend on the type of the Policy your are editing. For some Policies no additional limitations are available.

3. Select a limitation (or limitations) from one or more of the lists.

Tip
titleTip

If you want to select more than one limitation of the same type (for example, several Sections), Ctrl-click or Command-click all these items on the list.

4. Click Save.

Info
iconfalse

Details of the chosen limitation appear in the Policies list.

Info

To change the name of an existing Role, click its name in the list to view its details and then click Edit role name. In this screen you can also remove a Role by clicking Delete.