We are working on setting up our LDAP authentication for dotCMS, and I am being asked what groups we are planning on using. I'm curious what some of you have decided works well for groups outside of the basic admin, CMSUser, and LoggedInUser groups.
We have tons of groups setup this way. I use the 3 basic groups depending on what tabs they have access to:
CMS User has Workflow, Website, and Content
Content Contributor has Workfolow and Content
CMS Administrator has everything
Then I have a 2 groups for each Department / Office / Service (aka Folders). One for the Developer (Read and Write on the folder) and One for the Publisher (Read Write and Publish on the folder). Then I just place the users in the groups based on which folder I would like to give them access to.
Good luck setting yours up. It wasn't too hard for us.
From what I've gained since originally posting this, I'm starting to think that I definitely do not need any custom groups really. At least in our environment, the basic set, combined with roles should serve enough. That's my hope anyway. In theory, each department/office will have two people, an editor and a publisher, kinda like you. At the very least, they will have a publisher. But both people would be in the same group, with roles controlling what they can do.
That is what we were going to originally do, however what I found was: until the person logs in once, you can't assign them a role. That is why I created groups for each. This also lets us control everything from the LDAP side of things .. as long as I have the groups assigned to a role and permissions for that role setup in DotCMS .. someone else can manage what groups in LDAP they are in.
We are trying to set up roles and permissions for our university. With the three groups named above, we have to create a role for each folder if we want a user to each have access to one specific folder, is that correct? How did you define your roles and associate them with different sites?
You are essentially correct. For instance, we create two roles for every folder in the system (for the most part): an editor and a publisher. We also have matching groups for those. The way that works is the groups have the roles attached to them, and the groups are assigned in LDAP. So someone gets the Department X Publisher group, which in dotCMS grants them the Department X Publisher role as well. And that role has publish rights on Department X's folder. Our generic CMS Users group gets access to things like view permissions on the domain, access to a couple basic structures and categories, and rights to use the default templates. The specific roles then control actual access around the site.
With every role we create we have to also give each role access to the correct the portlet so theyll be able to see them when they log into the cms? Is this correct? How long did it take you to implement these roles and groups?
I assign tabs/portlet/page permissions based on one group and folder/content/structure permissions based on another. I have one group "CMS Users" and that has the tab/portlet/page permissions. Users need to be entered into 2 groups in your ldap this way.
Greetings,What are you all doing online with "old" magazine stories? Do you delete issues after so many years? 5 years? 10? I'm torn between keeping all on for historical purposes or keeping just a few years online to simplify the site (ala Gerry McGovern.) Curious as to what you see best practices being.ThanksSara KisseberthBluffton Universitywww.bluffton.eduSee More
The HighEdWeb 2020 Accessibility Summit is a one-day, online conference about digital accessibility in higher education happening June 25, 2020, from 10 a.m. to 5 p.m. CDT.Join in to learn best practices, share stories and connect with your higher ed peers on topics including social media accessibility, web development, user experience and more. Sessions are designed to boost knowledge at every level, from accessibility beginners to technical experts. Conference registration is $25, with…See More
October 19-20, 2020https://2020.highedweb.org/#HEWeb20 Join us ONLINE for HighEdWeb 2020, the conference created by and for higher education professionals across all departments and divisions. Together we explore and find solutions for the unique issues facing digital teams at colleges and universities. In 2020, the Conference will be held completely online, offering multiple tracks of streamed presentations, live…See More
October 18-21, 2020 in Little Rock, Arkansas, USAhttps://2020.highedweb.org/#HEWeb20 Join us for HighEdWeb 2020, the conference created by and for higher education professionals across all departments and divisions. Together we explore and find solutions for the unique issues facing digital teams at colleges and universities. With 100+ diverse sessions, an outstanding keynote presentation, intensive workshops, and engaging networking events,…See More
The 2020 Annual Conference of the Higher Education Web Professionals Association (HighEdWeb) will travel to Little Rock, Arkansas, this October 18-21 — and the call for proposals is now open! As a digital professional in higher education, we know you have great ideas and experiences to share. From developers, marketers and programmers to managers, designers, writers and all team members in-between, HighEdWeb provides valuable professional development for all who want to explore the unique…See More