Policies extend EditMe's standard security capabilities by allowing site administrators to create custom security settings for individual or multiple User Groups. Once a policy is created, it can be specied as the Security Policy for site-wide viewing and/or editing in the Site Security section of Site Settings, or as the policy for any individual page from the Security dropdown on any page editing screen.
By default, all users are either Administrators or Registered users. Using Policies, you can create more granular security settings. EditMe follows this process to determine whether a user can view and/or edit a page (a Yes answer to any question means access will be granted):
- Is the user an Administrator?
- Is the user Registered, and are Registered users allow to view and/or edit by the Site Security settings?
- Is the user Registered, and does the requested page over-ride the Site Security settings to allow Registered users to view and/or edit?
- Is the user Registered, and does the Policy specifed in Site Security or over-ridden on the requested page allow Registered useres to view and/or edit?
- Is the user Registered and a member of a Group that is allowed to view and/or edit all pages by the Policy specified in Site Settings?
- Is the user Registered and a member of a Group that is allowed to view and/or edit the page by the Policy specified in the page's individual Security setting?
- Is the user anonymous, and does the Site Security setting allow Public users to view and/or edit all pages on the site?
- Is the user anonymous, and does the requested Page over-ride the Site Security setting to allow Public users to view and/or edit?
- Is the user anonymous, and does the Site Settings specify a Policy which allows Public users to view and/or edit pages?
- Is the user anonymous, and does the Policy specified by the requested page's security setting allow Public users to view and/or edit pages?
Before managing policies, you may first want to create one or more User Groups using the Groups section of Site Settings. Once you have create one or more Groups, go to the Policies section of Site Settings to manage Policies.
To create a new Policy, click Add Policy. Any existing Policy can be edited or deleted from this page by clicking Edit or Delete next to any policy in the list.
Each policy has the following attributes:
- Name - this is a descriptive name for the policy. This name will appear in dropdowns on the Site Security section of Site Settings and in the Security dropdown when editing pages.
- Public Permissions - this setting specifies how Public, or anonymous, users will be handled by the policy.
- Registered Permissions - this setting specifies how all Registered users (whether they're in a particular group or not) will be handled by the policy.
- Group Permissions - each user group can be given specific access rights.
Note that if a user is in multiple groups, whichever group grants the most access will apply.
Also see this Tip of the Week for a thorough example of Groups and Policies.
Back to Site Administration