The non-administrative Reader role provides read-access to published website content within a folder. A folder often corresponds to a section on your published site. When you assign or revoke the Reader role in Folder Permissions, you are configuring which sections and Web pages end-users can access.
A Reader can view Web pages, but cannot edit site content or perform other administrative tasks. The Reader role is assigned either to a Visitor group or to a Constituent group as follows (never to individuals):
- Visitor meta-user - (Initial default assignment) Provides unrestricted access, enabling any and all anonymous site Visitors to view a folder's contents as rendered on a website. The role must be revoked to None if you want to restrict a folder's read-access to registered Constituents.
- Constituent meta-user - Restricts read-access to folder contents to all registered, authenticated Constituents. This setting is only useful if the Visitor role is set to None.
- One or more specified Constituent security groups - Restricts read-access to folder contents to members of the specified group(s). To view Web pages and other content in the folder, Website visitors must be authenticated as Constituents (for instance, by signing in) and belong to the specified group. This setting is only useful if the Visitor role is set to None.
Visitor and Constituent groups can only be assigned the Reader role, and never a CMS administrator role. (Technically, the Reader role can be assigned to any non-administrative security group in Luminate Online, which includes all User Security Groups as well as any groups with no Security Mode defined.)
If a Constituent group specified here is deleted from Luminate Online, the folder is still restricted to the now non-existent group. You must revoke the Reader role manually. You may also wish to assign the role to a different Constituent group.
In a newly-created website, the Visitor meta-user is a Reader by default in the root folder, while the Constituent meta-user is None. (A newly-created sub-folder, on the other hand, inherits the role assignment of its parent folder.) All site visitors can view all published site content until the Visitor meta-user's role is revoked to None, at which point Constituent groups must be explicitly assigned the Reader role.
Therefore, you restrict read-access to a folder's contents by:
- revoking the Visitor's role to None in Folder Permissions
- explicitly assigning the Reader role to the Constituent meta-user or to specified Constituent groups.
Depending on how the folder is configured, a site visitor who tries to view a restricted-access page is prompted to sign in (authenticate) or to register as a new constituent. After signing in, a constituent is either given access to the content if she belongs to the specified Constituent group, or shown a generic or custom access-denied message if she is not in the group.