Wednesday 02 July 2008 5:44:00 am
The permission system controls access to your site's content and functionality. It includes a set of user accounts and access permissions. Here, we focus on the relevant concepts and how to manage the permission system in the Administration Interface. This article is the second in a mini-series based on concepts presented in the new book eZ Publish Advanced Content Management. It includes an example at the end that builds upon what was discussed in the first article in this series in order to create a protected area on a site.
Note that this article assumes that you have administrator-like permissions in order to access the Setup tab in the Administration Interface. For information about the general layout of the Administration Interface, see this article or the eZ Publish Content Management Basics book. You should also have general knowledge on how to create and edit content in the Administration Interface.
This article was written to be compatible with eZ Publish 4.0, although the concepts and procedures should be similar for other versions.
Without permissions, access to everything on a site is completely denied; it is only by the cumulative assignment of permissions that users are permitted to view content and use site functionality.
The permission system can be split into four components, as illustrated in the following figure:
Permission system components
As shown, the four components are:
eZ Publish comes with a set of built-in user groups, and at least an Administrator user and an Anonymous user. This ensures that there is a way to log in to perform site management tasks (and add more users and groups to the system), and that unregistered site visitors are permitted to view unrestricted content.
Similar to how a user group consists of users and possibly other groups, a role consists of policies. Roles can be assigned to user groups or individual users. Note that policies cannot be assigned directly to users or groups.