A folder-level Manager can assign CMS roles by folder (in Folder Permissions) to a person or a group. A folder can have multiple role assignees, where a role is assigned to one or more persons or groups for a folder. This means that an administrator can have different role assignments within the same folder, in which case one role takes precedence according to the rules for overlapping roles.
The folder-level roles in CMS are:
-
None: Blocks administrative or end-user access to folder contents.
-
Reader(non-administrative): Gives end-users read-access to published content. May be assigned to all anonymous site visitors (VisitorThe Reader Role meta-user), all registered constituents (Constituent meta-user), or to specific Constituent groups. You cannot assign the Reader role to an individual or to an administrative security group. The Visitor meta-user is initially set to Reader by default, while Constituent is set to None.
-
Author(administrative): Grants administrative access to create and submit content within a folder. May be assigned to administrative security groups or to individuals belonging to same.
-
Manager(administrative): Grants administrative access to folder contents, with Author permissions plus folder management tasks. May be assigned to administrative security groups or to individuals belonging to same.
A role can be assigned to a folder and its individual content items, and not to its sub-folders or their contents. Or you can select the check box Also change permissions to sub-folders and components to assign the role "recursively" -- that is, to the current folder as well as all of its sub-folders and their contents. The simplest way to manage folder permissions is for a Folder Manager to assign a role to a person or a group in a site's root folder, then use the check box to make the assignment recursive.
A newly created sub-folder inherits the role assignments and other properties of its parent folder. The sub folder’s permissions and properties can then be edited independently. The initial Folder Permissions pane displays:
-
All individuals and specified groups with administrative or Reader roles for this folder. If a role is revoked to None, that person or group is removed from the list and does not display.
-
The Visitor and Constituent meta-users with their Role status: either None or Reader. (Both meta-users always display even if their role is set to None.)
Groups and Contacts are maintained in Constituent360. Therefore, you may need to rely on other administrators to create and maintain the individuals and groups you use when setting folder permissions.
If a user is not initially in a group with an assigned role, but later becomes a member of that group, the user will have that role in the next browser session. For example, a registered constituent may gain access to restricted pages in a folder if she is added to a Constituent group that has a Reader role for that folder. A folder-level Author belonging to a group that is granted a folder-level Manager role will have that role the next time he logs in (unless the rules of overlapping roles dictate otherwise). The same rule applies if a role is revoked for a group.