Security Policies

Rating-star-off Rating-star-off Rating-star-off Rating-star-off Rating-star-off (0 ratings)

Security Policies are the combination of objects and access rights. They are individual items that can be applied to any piece of the system - content types, pages, discussions, users, etc.

Introduction to Security Policy and Permissions Best Practices:

Permissions are controlled in eCrowds by Roles and Security Policies. Roles determine blanket module abilities, like creating a page, and Security Policies determine permissions to specific objects. There's a four layer inheritance for Security Policies:

  • Global full access
  • Site-wide default Security Policy
  • Module-specific Security Policy
  • Object-specific Security Policy

That is, the system first checks the object (e.g. the page or idea) for a Security Policy, then, if not found, checks the module's Security Policy, then, if not found, checks the Site's Security Policy, and, finally, grants full access if no Security Policy is present.

Community Wiki Example

How would the permissions work if you wanted to set up a wiki for your community? The best way to do it would be to set up a Security Policy at the Page module level that allowed community users to manage in addition to setting up the Site's default role to allow create and edit of pages. Then, for your non wiki pages (e.g. marketing content), you'd apply a specific Security Policy that only allows certains users and groups to manage them. You'd also apply that same, more restrictive Security Policy to your Content Types to lock down which Content Types Community Users are allowed to use (e.g. only allow them to create wiki pages and use the wiki taxonomy).

Creating a new Security Policy:

  1. Click on "Components" in the left navigation
  2. Under "Modules," select "Security Policies"
  3. Once in the Security Policies interface, click "Create new security policy"
  4. Fill in the security policy name
  5. Under "Anonymous," decide whether or not you would like to give non-registered users read access to your site's content.
  6. Under "Everyone," select the appropriate registered user access rights.
  7. Under "Users" and "Groups," add any individual users or groups to whom the security policy should be applied.
  8. Click "Create security policy" to submit.

Editing an existing Security Policy:

  1. Click on "Components" in the left navigation
  2. Under "Modules," select "Security Policies"
  3. Once in the Security Policies interface, navigate to the policy you would like to edit, and click "Edit" under "Actions" on the far right.
  4. Once in the edit window, make any changes necessary, including changes to the security policy name, anonymous and "everyone" access rights, and applicable users and groups of the policy.
  5. Click "Save security policy."

No attachments

No comments

Sign in | Free trial sign up | Follow eCrowds on Twitter

Bookmark and Share