Advanced Group-Based Security - Team Logic Help System

CMS-Logic > Complete Feature List > CMS Security > Advanced Group-Based Security

Advanced Group-Based Security

Note: Modifying security permissions requires administrative access

For Group-Based security permissions to work, the staff member must first have the role-based permissions for the modules and pages you are working with. See the article on "Basic Role-Based Security" to set these permissions. For example, if you only want certain staff members to access a job postings module called "Job Postings in Delaware", the staff members that need access must first have the role "Job Postings" as described in the aforementioned article. Note that "Applications", like the "News Ticker" only need basic role-based security permissions. This is because there is only one "News Ticker", and group permissions would be redundant.

You can edit group permissions in the "CMS Group Permissions" administrator (Found in administration, the cms dashboard and the cms dropdown). There will also be a "Group Permissions" link in the header of specific modules, navigation trees, and pages. These two methods do the same thing, they are just a different way of getting to the settings window. Before we get started take note of the following facts:

  • Leaving all departments/roles unchecked for a specific module/page/tree assumes all staff with role-based security permissions can receive access.
  • Because a navigation tree can interact with any page, giving staff access to ANY NAVIGATION TREE will result in access to ALL PAGES regardless of page-level group permissions.
  • A user with the role of "Administrator" can edit anything within Team-Logic and will bypass any group permissions.
  • The first time you set up CMS group permissions, it is helpful to create a "Test" employee. This is because after the permissions are set, you can log in as this employee and ensure they can only see what is desired. Better safe than sorry!

We will highlight how to use group permissions with an example. Steve from your town's "Planning Board" should ONLY be able to access the home page and the event calendar for the Planning Board, while Mike from the Town Council should be able to access everything.

Firstly, we need to set up roles for both Steve and Mike. In this example we will use "Roles" but "Departments" will work the same way if it makes more sense. Mike should be able to see all navigation trees, pages, and modules, so we will create a "Content Administrator" role.  Steve is on the planning board so we need to create a "Planning Board Manager" role. These are created by clicking on "Admin" and then "Groups". There is an add button next to the list of roles. Only the group name is required.

Next, we will add Steve and Mike to these roles. Get to the staff edit screen by clicking on "Admin" and then "Staff". Click on Steve's name, browse to the groups tab, select the "Planning Board Manager" role and then save. Repeat for Mike, adding him to the "Content Administrator" Role.

Lastly, each module and page must be assigned its specific role. For convenience, we will use the "CMS Group Permissions" admin. You can get to this by clicking on "Admin" and then "CMS Group Permissions".

Mike is a member of the "Content Administrator" role, and should be able to see everything. This means EVERY module, tree, and page should be assigned to the "Content Administrator" role. There is a button labeled "Permission Mass Update" in the right corner of the header. This will allow you to add the group to every CMS item with a few clicks. Select the "Content Administrator" group, leave all CMS item types selected, and keep the selection on "Add groups to Selected CMS Items". Once updated, all cms items that are available in the admin will have your role selected. Any future pages or modules created will need this role selected. This is because if no roles are selected, Team-Logic will assume anyone with basic role-based permissions can access it.

The last step will be to set what Steve can edit. Assume there is a page called "About the Planning Board" and an event module called "Planning Board Meetings". We would select the page from the administrator, then check the role "Planning Board Manager". This is in addition the the "Content Administrator" role we have already selected. Repeat this for the event module.

Done! Once they log in, Steve and Mike will now happily go about their work.