dotCMS - Open Source Content Management System, Ondemand CMS, and Professional Support

Permissions Tutorial

The following documentation will provide recommended best practices for setting up user permissions for a website that does not plan to use LDAP authentication for creating new user accounts.  For permissions recommendations when integrating with LDAP, please see the Permissions for LDAP Integration documentation.

The dotCMS does a great job of allowing website administrators to have granular control over user access to content and web assets.  However, there are several elements to properly setting up users, groups, and roles so that each user has the appropriate access to content, webpages, and backend functionality.  Before describing the steps to permission users, it is important to have two basic concepts in mind:

• Groups - give assigned users access to dotCMS web applications and functionality by allowing the configuration of dotCMS menu tabs (pages). Groups can also assign a collection of roles.
• Roles - determine access to the web assets (folders, files, templates, containers), and to content that appear under each menu tab.

As a best practice it is recommended that dotCMS administrators develop new websites in the following order to make the permissioning process more efficient and to avoid revisiting, and re-permissioning the same objects repeatedly.

1. Create the hosts, folders, containers, templates, structures, and categories before attempting to create and assign user roles.
2. Create a "Content Contributor" and a "Content Publisher" GROUP and configure both groups as follows:
• Pages
1. Workflow - assign Workflow Tasks portlet
2. *Website  (optional for Content Contributors) - assign Website Browser portlet
3. Content - assign Content Search Manager portlet
• Roles
Add the "CMS User" system role

*Assign Content Contributors the Website tab only if they will need to upload files to a folder or will have limited access to add content on HTML pages in specific folders.  Otherwise, they can simply add new content from the Content tab.

1. Create a Content Contributor, and Content Publisher ROLE for each TYPE of user who will be adding content to your web pages. Ex. News CC, News CP (See spreadsheet below)
2. Download and fill out the permissions plan using the examples on the spreadsheet provided in the link below before creating and assigning roles in the dotCMS.

Role Permissions Distribution Plan Excel Spreadsheet

Role Permissions Distribution Plan PDF Format

1. Assign the specific content contributor and content publisher permissions to EACH *dotCMS object in your chart.

*It is important to note that content contributors and content publishers only need "View" access to Containers and Templates in order to contribute and publish content.  Only CMS Administrators should have the ability to modify or publish changes to a container or template.

1. Add the specific users to the system that you wish to permission in the User Manager portlet under the CMS Admin tab.
2. Edit each user after creating their account, click on the Groups tab and assign each user either the Content Contributor or the Content Publisher user group. - This will assign menu tabs and dotCMS portlet access.  It will also automatically assign the CMS User role.
3. Assign each user their specialized content contributor or content publisher role(s) - this will give them access to web assets and content.
4. Make sure that you log in to test the permissions for each user type you have customized.