MuraCon Notes - Access Control - Groups, Users and Permissions in Mura CMS

October 01, 2013

Access Control - Groups, Users and Permissions in Mura CMS - Malcolm O'Keeffe

Can do all this via Admin OR via code (but that takes longer)

Site Members
- people that visit the site

(there are Mura clients that run over 100 sites in 1 Mura installation.)

(*change the default "super admin" password when you build a new site!)

2 types of visitors
1 Site Members
-- public front-end visitors to the site
1 System users
-- people that administer the site in some way (i.e. they have a login for the /Admin section)

Member Groups
-- can add as many as you like, just click 'add group'


To restrict part of a site:
- click on that node in Site Mgr
- publishing
"restrict access to specific groups"
"allow all groups / restrict all groups" -- toggle who can see this section
can click the "muracon" group, click "publish"
now back in Site Mgr you'll see the "red padlock"
Now we get a "please log in" form instead of the protected content

by default, permissions are DIRECTORY based. so if you lock down /foo, all the nodes under /foo are also locked down (but you can get more fine grained that that if you need to)

Layout and Objects tab --
Content Objects - system
user tools, place in right column
at bottom of the stack

can import users via LDAP, so you don't need to manage users in 2 places.
works well for large intranet/extranet sites

System Groups --
Admin group
-- people can manage all the content and SOME sys admin stuff, but they CANT go across multiple sites

For example, make MuraCon Editors - a new group in System Groups
don't forget to go to "site permissions" and give this group permissions to DO something
so click "muracon editors " under "system groups" and set it up

now in the blog section...want to create ability for MuraCon Editors to make changes
on Site Mgr, for Blog, click "permissions" icon
click "editor" on "MuraCon Editors
...now users in MuraCon Editors group can ONLY edit things in the Blog section of the site

can mix/match different levels/groups
example: make a "marketing" group so people can only author things in Product section, but in Marketing section maybe they have full access, etc.

Mura has 2 levels of authoring
1 editor -- can create and publish content
2 author -- can ONLY create drafts, someone else has to approve/publish the content before it can be published

system group -- "content tab" section
can edit the "blue tabs on the left" in MuraAdmin so only the appropriate ones appear for the different System Groups
-- some people have different skill sets. so you can lock down the the un-useful sections of Admin for the different System Groups

Want someone to be able to make changes, but don't want them to know there is a back-end Admin area to the site?
can make Site Members have access to the FRONT-end toolbar, but they never have to log into the Admin
via front-end editing and group permissions
if you belong to a group, HR, etc
can set it up so that these users have a SIMPLE editing toolbar to add their piece of the site
(more info in the Intranet session at the end of Tuesday, last session of the day)

Assigning permissions across multiple sites --
"shared resources" tab
if you have 20 sites in a Mura install, you can have 1 group of users that can have access to ALL site sites, or just 1, just 2, etc.
for departmental things. maybe marketing only sees the marketing sub-site, etc.