dotCMS - Open Source Content Management System, Ondemand CMS, and Professional Support

Roles

Roles are responsible for permissioning most of the items that an user has access to in the dotCMS. There are default dotCMS roles which we call "system" roles which are pre-permissioned for all default entities present on a clean installation of the dotCMS. However, administrators will also have the ability to create news roles and create custom permissioning schemes to better fit their organizations' group of users (For example, if an organization decides to built a "Multimedia Section", its administrators will likely create roles specifically created to manage that area of the site).

Shortcut to Roles page from the CMS Admin fly-out.

Roles are like gateways to different items in the dotCMS such as Structures, Assets, Categories, and Content. Each role therefore has its own level of permission both in terms of the number of entities it has access over, but also the actual level of access that it has on each (View, Modify, Publish). When users are assigned specific roles, they in turn inherit the permissions carried by that roles. Moreover, roles are complementary, which means that one user can have many roles (News Admin, Events Admin, Campaign Editor...), each adding to the number of entities that that user has access to as well as the level of access.

A role such as "News Editor" may have been by default set to give "View + Modify" permissions to the "News Item" structure and its content (news articles), all subcategories of "News & Media", the "/news/" folder where a news editor would save all files links to news articles (images, documents). In contrast, a role such as "News Administrator" may have "View + Modify + Publish" permissions over the same set of entities, or may in addition have access to editing the News & Media home page within the site.

What this means is that every time that a user logs into the dotCMS, the system will check that users' roles and will display, hide, give publishing rights to the different entities above based on these roles.

Troubleshooting Roles: In order to see if a user has the right roles, an admin can always log in as that user. The admin will see in the "Content" tab that a user has correct access level to the right number of structures and can see where applicable all categories associated with the structure. On the "Website" tab, the admin will see that a user has access to the right number of folders/assets and ensure the level of permissioning as well.