Set permissions (share editing rights)

Note: to be able to set sharing permissions in Plone you must already have Can manage or Can administrate rights.

To grant permission:
1. Ensure you are on the page or folder you wish to share
2. Click on the Sharing tab
3. Enter the username of the person you wish to add eg rxb1 or the group and click Search
4. Scroll down the list of usernames returned and tick the checkbox options next to your user to grant them Add, Edit, View or Manage rights
5. Click Save

Need for permissions

Making a site in Plone, especially something large like a Department site, can be a big task for just one person so often that job is shared amongst a number of people. Sharing, in Plone, means that you set permissions for other people that allow them some degree of control over a site. Permissions, once set on a folder, will cascade down to any content or subfolders in that initial folder. This powerful behaviour is called inheriting.

What are the different levels of permission I can set?

Currently, the available permissions are: can add, can edit, can manage, can view, can review and they can only be assigned by a person with can manage rights. This is done via the Sharing tab (see Using the Sharing Interface).

The various permissions have the following associated powers:

Can add

A user with this permission can add new content types to a Plone site from the add New editing menu e.g. they can add new pages, folders, surveys, etc. This permission would normally be used in conjunction with 'can edit' rights.

Can administrate

Can administrate is similar to can manage (below) but administrators can't grant administrator privileges to other users whereas managers can.

Can edit

A user with this permission will see the edit menu and can edit content types and change their settings. e.g. they could edit the content of a page, change the name of a folder, etc. Once edited, a person with this permission could then submit the content for publication to someone else who had 'can review' rights (see comment on Workflows under 'Can Review'). This permission would normally be used in conjunction with 'can add' rights.

Can manage

This permission trumps all others. Someone with 'can Manage' can not only add, edit, view and review content they also have the key ability to publish content (make it visible to the outside world).

Not satisfied with this, managers also have the ability to be able to assign permissions of equal or lesser level to others in their area of control. e.g. someone with can manage rights over the Physics Departmental site could make any kind of change to that site and also give any other user the permission to interact with the site ranging from basic viewing rights through to full management.

Can review

This permission is usually only used in the context of a workflow where multiple people are contributing content but only a single 'reviewer' has the right to sign off on it and publish it to the live site. Someone with review rights has the capability to publish or reject content that has been set to the state submit for publication by a contributor with add/edit privileges. A person with review rights can also publish content outside of a workflow i.e. change it from private to publish and vice versa. Review permissions also allow limited dissemination of permissions to others when used in combination with other permissions e.g. A person with add, edit and review permissions can share edit and view permissions with others.

Can view

A user with this permission will be able to see/view the content at a particular location but will not be able to edit it. This permission is often used in conjunction with an unpublished/private area to give viewing access. Viewing rights only control access to the page whilst it is unpublished.  As soon as the page has been published all users both internal and external will be able to view the page regardless of of their viewing rights.

Using the Sharing interface

When you click the Sharing tab you get the following interface:

Sharing Tab

There are 3 things of interest in the sharing interface.

  1. The Search for user or group box
  2. The user/group permissions table
  3. The Inherit permissions from higher levels checkbox

Each of these is explained below.

The Search for user or group box

Use this box to search for either the CFS username of individual that you want to assign permissions to OR the name of the group to which the individual belongs. Groups are defined in the IT Service Active Directory and include common groupings such as staff and student. Groups can be a useful way of assigning permission to a large group of people all at once, rather than giving individuals permission.

Once you've typed the (whole or partial) username or group in the search box, hit the search button and Plone will look for all matches with those parameters and present them in the user/group permissions table below. What you need to do at this point is find the right username in the table (usually there's only a few to choose from) and then use the table's check boxes to assign a level of permission.

The user/group permissions table

This table shows all users and/or groups who have permissions on your site (going down the table) and the extent of those permissions (going across the table). As mentioned earlier, the permission choices are: can add, can administrate, can edit, can manage, can view, can review. Assigning permissions is very simple, all you do is tick the checkbox or boxes associated with the particular permission(s) you want to give and then click Save

The 'Inherit permissions from higher levels' checkbox

As previously stated, permissions, once set on a folder, will cascade down to any content (pages, folders etc) within that folder. However on rare occasions it may be necessary to stop permissions from cascading down onto certain sub pages/folders. This is achieved by un-checking the 'Inherit permissions from higher levels' box on the appropriate sub page or sub folder.

Do not un-check this box if you are unfamiliar with setting permissions. Un-checking this box could potentially block all users (including yourself) from accessing the particular page/folder.

Share this page: