Common CMS roles and access levels

后端 未结 9 1768
醉梦人生
醉梦人生 2021-01-30 03:22

I am currently writing a CMS and remember someone (it might have been on here) criticise the existing CMS for not having a robust enough user permissions system. I\'ve got a me

相关标签:
9条回答
  • 2021-01-30 04:00

    I have a custom CMS built on the Zend Framework that uses Zend's ACL to extends some basic roles (so you can deny resources specifically for additional users or allow others to access resources they normally couldn't). My basic roles go from CMS users all the way down to website "members" as follows (I just use one users table to store all my authentication).

    Developer

    Edit any content, edit layouts, settings, configuration. Use special tools that can call shell scripts and force cron jobs.

    Admin

    Edit any content, edit layouts, settings.

    Author

    Edit content.

    Member

    Can view the login screen, forgot password and bug report.

    Now, Zend has a nice ACL implementation so you can easily extends your base ACL class and add new roles that extend from the basic roles. So I might make an "Admin" who has access to one of the Developer tools (e.g. purge or cache management) or lock an author to only be able to manage blogs (and not for example news).

    0 讨论(0)
  • 2021-01-30 04:03

    Creator - responsible for creating and editing content.

    Editor - responsible for tuning the content message and the style of delivery, including translation and localization.

    Publisher - responsible for releasing the content for use.

    Administrator - responsible for managing access permissions to folders and files, usually accomplished by assigning access rights to user groups or roles.

    Consumer, viewer or guest- the person who reads or otherwise takes in content after it is published or shared.

    0 讨论(0)
  • 2021-01-30 04:07

    I asked this question a little bit ago and got the following response.

    admin           //Manage everything
    manager         //Manage most aspects of the site
    editor          //Scheduling and managing content
    author          //Write important content
    contributors    //Authors with limited rights
    moderator       //Moderate user content
    member          //Special user access
    subscriber      //Paying Average Joe
    user            //Average Joe
    
    0 讨论(0)
  • 2021-01-30 04:08

    Admin : The one with all the rights

    Author : The one who has all rights to a specific content (like a blog author who owns the blog), also has the permissions to add/invite users to collaborate/view the content

    Collaborator : The one who can edit/add content to which the author has given rights, cannot delete the content or invite/add more collaborators

    Viewer : The one who can view the content if the author has invited to view

    Editors : The one who can approve/edit all types of content

    Having a fine grain control is not a bad idea if you expect advanced users/developers to use the CMS. But for novice CMS managers, the basic roles make the system much more usable.

    0 讨论(0)
  • 2021-01-30 04:12

    I wouldn't necessarily dismiss the fine grained control system you have now. If you have one that is adaptable focus on hiding away the complexity by providing a simplified interface (eg use the facade pattern or the adapter pattern). The benefits are that you provide users with the simplified version (simple permissions like 'admin' can 'delete' a 'post') while still retaining the fine grained features should you need them later (eg more complicated permission handling is to allow to delete posts when the post is your own post in category X). Then you can provide an alternative to the simplified version for that need in some places.

    0 讨论(0)
  • 2021-01-30 04:13

    Administrator - can create users + all below

    Editor - can edit posts of others + all below

    Author - can write posts, edit own posts

    0 讨论(0)
提交回复
热议问题