Users, Groups, and Permissions
来源:http://weblion.psu.edu/services/documentation/bootcamp-beginners/users-groups-permissions
Controlling who can do what on your Plone site
Also available in presentation mode…
Users
- Anonymous
- Those who cannot log into Your Plone Site.
- Logged-In (or Authenticated)
- Listed as Users in Plone Control Panel.
- Their default Role is Member.
Groups
- A set of one or more Users.
Roles
- Global Roles: Apply to Entire Site. Can see these listed in Plone Control Panel.
- Local Roles: Apply to a Section of the site.
Permissions
- Roles come with Permissions
- The ability to Edit, Publish, Delete, and so on.
Granting Roles (and Therefore Permissions)
- You can grant Roles to individual Users.
- But it's usually better to grant Roles to Groups.
Sharing
- A Local way of granting Roles and Permissions.
- Share a Folder, Page, Collection, etc. with a Group...
- ...and can grant the Group Permissions on that item.
Example
- You have a folder on your site called Training.
- Authenticated User Rose Pruyne needs to add and edit content in this Training folder.
- You, the site manager, create a Group called Training Content Providers.
- You add Authenticated User Rose Pruyne to the Group Training Content Providers.
- You Share the Training folder with this Group.
- You grant Add and Edit privileges to this Group.
Why Groups Instead of Individual Users?
- Who can do what?? Where??
- Keeping track of Groups is much easier.
Recommended Practice
- Assign Users to Groups.
- Assign Groups to areas of the site, using Sharing.
- Do not assign Roles to individual users.
- Do not assign individual Users to areas of the site.
Exercise
- Add a new Folder on your site and call it Documentation.
- Add a new User to your site.
- Create a Group called Documentation Content Providers.
- Add the new User to this Group.
- Give this Group Add and Edit permissions
- Open your site in another browser and log in as the new User. Try to add a page to the Documentation Folder.