Role Abilities
Overview
Abilities are individual actions that Cascade CMS users are capable of making. Some actions are very basic, like being able to view the Publish Queue. Others - like being able to change the LDAP setup - are a bit more important, but both are controlled by role abilities.
Roles and their abilities apply in two contexts: System and Site. A System Role primarily governs access to administrative, non-content areas of Cascade CMS. For example, the ability to create new sites and groups, users, and roles will fall within the control of a System Role. Essentially, if it doesn't have to do with a Site, it will be a System ability.
A Site Role is assigned specifically to a site and applies to a site only. For example, the ability to publish content or to bypass workflow within a site are only going to apply when the Site Role is assigned to a specific site.
The permissions tables below outline the available System and Site Role abilities.
System Role Abilities
System Abilities
Ability | Required Abilities | Description |
---|---|---|
Bypass all permissions checks | Gives read and write access to all assets. |
Site Management Abilities
Ability | Required Abilities | Description |
---|---|---|
Access the Site Management Area | Ability to access the Site Management area to create edit or delete sites. | |
Access All Sites | Ability to access the Home area of all sites. | |
Create Sites | Ability to create new sites. |
Administration Area Abilities
Ability | Required Abilities | Description |
---|---|---|
Access the Administration Area | Controls who can navigate to the Administration Area. | |
Access Users, Groups, and Roles | Access the Administration Area | *Gives the ability to access Users, Groups, and Roles. |
View Information and Logs and Send Support Request in Administration Area | Access the Administration Area | Gives the ability to view and download system information and logs. |
Force logout of users | Access the Administration Area | Gives the ability to log out other users from the system. |
Access/Modify Default WYSIWYG Editor Configuration | Access the Administration Area |
Allows users to access and update WYSIWYG editor configurations in the Manage Site area for the site. Because there are no individual permissions or containers for editor configurations, users with this ability will have access to all of the site’s editor configurations. All users who have access to update the site’s settings can choose a default editor configuration, regardless of this ability. |
Modify Dictionary | Access the Administration Area or Access the Manage Site Area (Site Role) |
Allows users to access and edit the System Dictionary. |
* Having the ability to access a particular administration area asset does not circumvent access rights applied to assets of that type.
Home Area Abilities
Ability | Required Abilities | Description |
---|---|---|
Edit Access Rights | Ability to change access rights to the assets to which the user has write permission by assigning the groups and users that the user has abilities to view. | |
View the Audits Tab | Ability to view the audits of assets to which the user has read permission. |
Tools Abilities
Ability | Required Abilities | Description |
---|---|---|
Optimize Database | Ability to use the Database Optimizer tool. | |
Sync LDAP | Ability to trigger an LDAP synchronization. | |
Modify Logging | Ability to choose different classes/packages that should be outputting logging information. | |
Search and Indexing | Ability to access the Searching and Indexing tool. | |
Modify Configuration Files | Ability to access Custom Authentication Configuration, Image Editor Configuration, Image Editor Licence, LDAP Configuration, Product License and Publish Trigger Configuration. | |
Announcements | Ability to create and send system-wide announcements. | |
Database Export Tool | Ability to use the Database Export Tool. | |
Edit System Preferences | Ability to access and change General, Email, and Content Preferences. |
Security Area Abilities
Ability | Required Abilities | Description |
---|---|---|
View users that share groups with current user | Access Users, Groups and Roles | Ability to view users of the same group as the current user. |
View all users | Access Users, Groups and Roles | Ability to view all users. |
Create users | Access Users, Groups and Roles, either View all users or View users that share groups with current user | Ability to create new users. |
Delete users that share groups with current user | Access Users, Groups and Roles, either Edit all users or Edit users that share groups with current user | Ability to delete users of the same group as the current user and at the same time the current user must be able to edit the user. |
Delete all users | Access Users, Groups and Roles, either Edit all users or Edit users that share groups with current user | Ability to delete any users that the current user is able to edit. |
Edit all users | Access Users, Groups and Roles, either View all users or View users that share groups with current user | Ability to edit any users. |
Edit users that share groups with current user | Access Users, Groups and Roles, either View all users or View users that share groups with current user | Ability to edit users of the same group as the current user. |
View groups to which current user belongs | Access Users, Groups and Roles | Ability to view the current user's groups. |
View all groups | Access Users, Groups and Roles | Ability to view all groups. |
Create groups | Access Users, Groups and Roles, either View all groups or View groups to which current user belongs | Ability to create new groups. |
Delete groups to which current user belongs | Access Users, Groups and Roles, either Edit all groups or Edit groups to which the current user belongs | Ability to delete the current user's groups that the current user can edit. |
Delete all groups | Access Users, Groups and Roles, either Edit all groups or Edit groups to which the current user belongs | Ability to delete any groups that the current user can edit. |
Edit all groups | Access Users, Groups and Roles, either View all groups or View groups to which current user belongs | Ability to edit any groups. |
Edit groups to which the current user belongs | Access Users, Groups and Roles, either View all groups or View groups to which current user belongs | Ability to edit the current user's groups. |
Access Roles | Access Users, Groups and Roles | *Ability to view all roles in the system. |
Create Roles | Access Users, Groups and Roles | *Ability to create roles in the system. |
* Having the ability to access a particular administration area asset does not circumvent access rights applied to assets of that type.
Site Role Abilities
System Abilities
Ability | Required Abilities | Description |
---|---|---|
Bypass all permissions checks | Gives read and write access to all assets in the site. |
Administration Area Abilities
Ability | Required Abilities | Description |
---|---|---|
Access the Manage Site Area | Ability to access the Manage Site area. | |
Access Asset Factories | Access the Manage Site Area | *Gives the ability to access Asset Factories. |
Access Configurations | Access the Manage Site Area | *Gives the ability to access Configurations. |
Access Connectors | Access the Manage Site Area | *Gives the ability to access Connectors |
Access Content Types | Access the Manage Site Area | *Gives the ability to access Content Types. |
Access Data Definitions | Access the Manage Site Area | *Gives the ability to access Data Definitions. |
Access Shared Fields | Access the Manage Site Area | *Gives the ability to access Shared Fields. |
Access Metadata Sets | Access the Manage Site Area | *Gives the ability to access Metadata Sets. |
Access Publish Sets | Access the Manage Site Area | *Gives the ability to access Publish Sets. |
Access Destinations | Access the Manage Site Area | *Gives the ability to access Destinations. |
Access Transports | Access the Manage Site Area | *Gives the ability to access Transports. |
Access Workflow Definitions | Access the Manage Site Area | *Gives the ability to access Workflow Definitions. |
Run Transports and Destination Diagnostic Tests | Access the Manage Site Area and access to at least one of these: Transports, Destinations | Gives the ability to test Transports and Destinations. |
Access/Modify Site's WYSIWYG Editor Configurations | Access the Manage Site Area | |
Publish Readable Administration Area Assets | Access the Manage Site Area and access to at least one of these: Publish Sets, Destinations | Ability to publish Administration Area assets (Publish Sets and Destinations) to which the user has read permission. |
Publish Writeable Administration Area Assets | Access the Manage Site Area and access to at least one of these: Publish Sets, Destinations | Ability to publish Administration Area assets (Publish Sets and Destinations) to which the user has write permission. |
* Having the ability to access a particular administration asset does not circumvent access rights applied to assets of that type.
Home Area Abilities
Ability | Required Abilities | Description |
---|---|---|
Bypass workflow | Ability to bypass workflow when creating, editing, copying and deleting assets. | |
Assign to self and approve steps in a workflow | Ability to assign workflow steps to the current user and to be assigned to transition steps in a workflow. | |
Delete workflows | Ability to delete workflow. | |
Assign workflows to folders | When user has edit access to a folder, they can also assign workflows to that folder. | |
Upload images in file chooser | When editing an XHTML block or a page with a WYSIWYG editor, ability to upload images through that editor. Ability to upload images through File choosers. Folders restricted by workflow can not be selected. | |
Multi-select copy | Bypass workflow | Ability to copy several assets at the same time. |
Multi-select publish | Publish either readable or writeable Home Area assets | Ability to publish several assets at the same time. |
Multi-select move | Bypass workflow | Ability to move several assets at the same time. |
Multi-select delete | Bypass workflow | Ability to delete several assets at the same time. |
Modify outputs on pages | Ability to assign different blocks and formats at the page level when editing a page. | |
Modify the Content Type of pages | Ability to assign a different Content Type to a page when editing it. | |
Bypass WYSIWYG editor restrictions | Ability to access restricted elements in the WYSIWYG editor configuration. | |
Bypass Accessibility, Link and Spell Checks when submitting content changes | Ability to bypass content checks enabled at the system or site level. | |
Modify Data Definitions of Pages and Blocks | Ability to assign or update a Data Definition assignment in pages and Data Definition blocks. | |
Move or Rename assets | Ability to move or rename assets. | |
Publish readable Home area assets | Ability to publish Home area assets to which the user has read permission. | |
Publish writeable Home area assets | Ability to publish Home area assets to which the user has write permission. | |
View the publish queue | Ability to view the Publish Queue in a particular site. | |
Reorder the publish queue | View the publish queue | Ability to reorder jobs in a site's publish queue. |
Cancel publish jobs | View the publish queue | Ability to cancel jobs in a site's publish queue. |
Edit access rights | Ability to change access rights to the assets to which the user has write permission by assigning the groups and users that the user has abilities to view. | |
View the Versions tab | Ability to view previous versions of assets to which the user has read permissions. | |
Activate or delete previous asset versions | Ability to activate or delete previous versions of assets to which the user has write permission. | |
View the Audits tab | Ability to view the audits of assets to which the user has read permission. | |
Break locks on assets | Ability to break a lock on assets so that the users who were editing the asset previously won't be able to submit their edits and the asset will become available for another user to edit it. | |
View Asset Factories in New menu even if user does not belong to any of their applicable groups | Ability to see all the site's Asset Factories in the new menu. | |
Choose Destinations to publish to even if user does not belong to any of their applicable groups | Publish either readable or writeable Home area assets | Ability to choose any destinations that are applicable for publishing. |
Be assigned to and use Workflow Definitions even if user does not belong to any of their applicable groups | Ability to start any workflows that are applicable for the asset. | |
Notify users by email about stale content | Ability to send email notifications from the Stale Content Report. | |
Access site-wide broken link report | Ability to access the Broken Links Report. | |
Mark broken links as fixed on the site-wide broken link report | Ability to mark links as fixed in the Broken Links Report. |
Tools Abilities
Ability | Required Abilities | Description |
---|---|---|
Zip Archive | Ability to upload and unpack a zip archive. | |
Bulk Change | Bypass workflow | Ability to use the Bulk Change tool. |
View and Restore only assets the current user deleted | Ability to view and restore assets in the Trash that have been deleted by the current user. | |
View and Restore all assets in the Trash | Ability to view and restore assets in the Trash that have been deleted by the current user or any other user. | |
Permanently remove assets from the Trash | Ability to remove assets from the Trash which permanently removes them from the system. |
Integrations Abilities
Ability | Required Abilities | Description |
---|---|---|
Access Siteimprove integration | Ability to access the Siteimprove integration when viewing folders and pages. |