Setting Security on a Page, Component, or Folder
The CMS has three levels of security that can be applied to any node in the content tree—pages, components, and folders:
- Full access
- Read-only access
- No access (which hides the node entirely)
Security is set on a per-group basis so that different groups can be granted different access levels on the same node. A child node inherits the security settings of a parent node by default, unless the security of the child node is configured.
Any group with administrative rights (defined as a group that can change system settings) has unrestricted access to all nodes in the site tree. Thus, members of an administrative group always have complete access to the site tree.
Setting a Node's Security
To view or edit a page's security settings, right-click it in the site tree and select Page Properties from the context menu. Then click the Page Security tab.
By default, pages inherit security from their parents. To change the security of a page in the the tree, uncheck Inherit security settings from parent page.
To set security for a specific group, click Add and select a group. Then select a security access level.
To delete a group from the security settings, select the group and click Remove.
Note: To set a group's security level as No Access, you must first remove the Everyone group from the page. This is because the Everyone group, which includes all users, by default has read-only access to every node in the site tree.
Node-By-Node Security in Practice
The administrator has full access and can see all the nodes in the Site Tree, regardless of his or her security settings. If a group has the No Access setting enabled (directly or through inheritance) for individual nodes, then groups members cannot see that node. If a group has the Read Only setting enabled (directly or through inheritance) for individual nodes, then groups members can see but cannot edit that node and its children. The node and its children display as dimmed, regardless of whether or not its children have less restrictive group permissions.
Security Inheritance
When the Inherit security settings... check box is unselected, a site tree node no longer inherits its security settings from its parent node.
This has important implications. For a give user, the security of a child node may be less restrictive, more restrictive, or equal to that of its parent. For example, a parent node may allow full access while its child node allows read-only access; likewise, the parent node may allow ready-only access while its child allows full access.
If a parent node is set to No Access, all of the child nodes will be inaccessible, regardless of their security settings.