Security Features - Role-Based Permissions
How Roles Work
Most CMS software platforms have just two or three levels of permissions. Typically, they are Admin, User, and Drafts (for making drafts).
Roles are much better, and they answer the following questions:
- How do we quickly offer multiple levels of permissions, based on what a person's job responsibilities are?
- What are the common Job Descriptions in local government organizations that require specific applications in the CMS?
- How can we classify groups of permissions into a single role, making it easier to assign bulk permissions to a user?
- How do we lock down groups of applications and areas of our dashboard, based on roles (like access to the HTML design area)?
- What should users see when they log into the CMS, if they have a specialized role?
Below are the roles that we have identified as needing their own permissions, views, and dashboards.
These are implemented in our platform and continue to evolve.
Global Roles
- Super Administrator
  - Complete access to everything.
  - Manage users and permissions.
  - Manage groups and departments.
  - Access to the administration interface.
  - Can perform imports/exports (those will be logged and tracked).
  - Undelete and other features.
- Staff
  - Can manage all CMS content and apps that their department “owns” unless there is a permission override.
  - Can add new content to their department’s pages.
  - Can edit menus.
  - Can access folders in the media manager owned by the department.
  - Add content to the media library’s folders that are owned by their department.
  - Can see reports for expired pages, pages with no content, expiring pages, etc.
Specialized Roles
- Content Administrator
  - Can oversee and manage all content in the website: every department's content and all applications.
  - Can undelete all deleted content.
  - No access to the admin area for managing users.
  - Can re-assign the ownership of any content.
- Content Contributor (i.e. Intern)
  - Create new content without being able to publish it (creates drafts only).
  - View Media folders and files owned by the department (can’t delete files).
  - Can see reports for expired pages, pages with no content, expiring pages, etc.
  - Cannot delete content.
  - Cannot manage menus unless opted-in.
- Department Manager
  - Can manage all content owned by their department.
  - Can see all form submissions for forms owned by their department.
  - Can undelete their department’s deleted files.
  - Can see all edits done by employees in their department.
  - Can create/delete department-owned folders in the file manager (coming)
  - Can see special user activity reports.
  - Can see reports for expired pages, pages with no content, expiring pages, etc.
- Meeting and Agenda Manager
  - Access to all calendars and meeting calendars
  - Access to all maps, map layers, and map locations (events happen at locations).
- Parks and Recreation Manager (new in 2017)
  - Facility reservation bookings
  - Reservation online payments
  - Maps for Facilities
  - GIS Integration with Maps
- Bid and RFP Administrator
  - Manage the entire bid system
  - Manage Vendors
  - Reset vendor passwords and logins
  - Mass email bid addendums
- Human Resources Manager
  - Manage all job postings.
  - Manage the /jobs page content.
  - Can add new staff members.
  - View applications and resumes.
  - Forward applicants to staff members.
  - Control access to the secure staff portal.
  - Control content on the staff portal.
  - New employee on-boarding through the staff portal.
- Communications Officer
  - Manage scrolling alerts on the website
  - Manage Mass Email Newsletters
  - Social Media Integration Control
  - Change out the home page design in case of an emergency
  - Manage slideshows
  - Manage News and Events areas
- Web Design Administrator
  - Manage the Website Settings interface (controls analytics and other site features)
  - Access to the design files.
    - Themes
    - Page Layouts
    - Scripts (Google Analytics)
    - CSS Files
    - Tokens
    - Designer Help Resources (future)
  - Access to the email newsletter design files.
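
A sketch of how roles like these can be enforced, added here as an example and not taken from the platform's own code: a deny-by-default check that combines role grants, department ownership, and per-user overrides and opt-ins. The action names, the `ROLES` table, the `User` fields, the scope given to each grant, and `is_allowed` are all assumptions made for illustration.

```python
from dataclasses import dataclass

ANY, OWN = "any", "own"  # grant scope: every department, or only the user's own

# Constructed role table for four of the roles above; action names are hypothetical.
ROLES = {
    "super_admin": {"content.edit": ANY, "content.publish": ANY,
                    "content.delete": ANY, "users.manage": ANY},
    "content_admin": {"content.edit": ANY, "content.publish": ANY,
                      "content.delete": ANY, "content.reassign": ANY},
    "staff": {"content.edit": OWN, "content.publish": OWN,
              "content.delete": OWN, "menus.edit": OWN},
    "contributor": {"content.draft": OWN, "media.view": OWN},
}


@dataclass(frozen=True)
class User:
    role: str
    department: str
    granted: frozenset = frozenset()  # per-user opt-ins (assumed department-scoped)
    denied: frozenset = frozenset()   # per-user overrides that remove a role grant


def is_allowed(user, action, owner_department=None):
    """Deny by default; an explicit deny beats every grant."""
    if action in user.denied:
        return False
    scope = ROLES.get(user.role, {}).get(action)
    if scope is None and action in user.granted:
        scope = OWN  # an opt-in never widens access beyond the user's department
    if scope == ANY:
        return True
    if scope == OWN:
        # Ownership must be known and must match; a missing owner is a deny.
        return owner_department is not None and owner_department == user.department
    return False  # unknown role or action


if __name__ == "__main__":
    intern = User("contributor", "parks")
    print(is_allowed(intern, "content.draft", "parks"))
    print(is_allowed(intern, "content.publish", "parks"))
```

Because the Content Administrator row carries no `users.manage` grant, the separation between content oversight and user administration is enforced by the absence of a grant rather than by a special-case check.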