The Official PostNuke Installation & Getting Started Guide: Revision 9939 / Preview | ||
---|---|---|
Prev | Chapter 17. Groups & Permissions | Next |
Q1. What is the permissions system for?
A: The permissions system is designed to allow site administrators to protect their site content and restrict operations to their desired level of detail.
For more information on the permissions system, check out the online help within PostNuke. Log in as Administrator, go to Permissions, and click "View Group Permissions" or "View User Permissions". On the screen that is displayed, several of the text items are 'clickable'... Click them to open windows that provide additional explanation.
Q2. I don't like it! I prefer the way it worked before.
A: The permissions system is set up initially to work in a style very similar to the old PostNuke. To make a user an Administrator of a site, go to Administration -> Groups and add that user to the 'Admins' Group.
Q3. Why are there so many warnings in the permissions manual about getting the permissions right?
A: It is critically important that you configure permissions properly. Failing to do so can open up the site to allow anyone to update, add, or even DELETE content on the site. However, provided that you read these instructions carefully and do not change the default permissions unless you are absolutely sure of what you are doing, this should not happen.
Q4. Why can't users access the Polls unless they log in? or Why can't users comment on Stories unless they log in?
A: The permissions system is set up initially to only allow Unregistered users to have generic read-level access. To allow unregistered users to comment on items, look in the group permissions setup for a line that looks like this:
Unregistered .* .* Read
...and edit it so that it says:
Unregistered .* .* Comment
Be sure to save any changes.
Q5. Why do I need that '.*' on the end of my permissions?
A: You don't. Since PostNuke .710, 'Foo:' is the same as 'Foo:.*'.
The most obvious use of this is in the first entry for the group permissions, which is
Admins .* .* Admin
...which says 'Admins are allowed to administer anything'
For details on allowing different types of content, check out the online manual pages for the Permissions system.
Q6. How do I add a sub-admin to my site that has access to certain features, plus have the Administration menu accessible to them?
A: We're going to need two sets of permissions, one to actually edit a story, and one to allow the Administration link to show up in the 'main menu.'
The following permissions would allow this to happen (do not include the square brackets):
Admins .*.* Admin Edit Delete
SubAdmin [(Stories::)|(Modulename::)|(Modulename::)] .* Admin
SubAdmin Menublock:: Main Menu:Administration: Read
All groups Menublock:: Main Menu:Administration: None
Replacing 'Modulename', above, with an actual module name would give your sub-admin access to those modules as well.
Remember NOT to include the square brackets!
Q7. How do I force users to enter login name and password at the homepage?
A: We must first allow Unregistered users to see the Login block (we have to allow them to login!), by adding:
Unregistered Loginblock:: .* Read
We then change the default permission to not allow Unregistered users to read anything, thus
Unregistered .* .* Read
...becomes...
Unregistered .* .* None
Be certain to add the lines in the order as specified or else it will not function as expected.