For our clients from the non-profit environment, we have developed a typical rights configuration for three backend user groups that fits 80% of the cases.
This group is allowed to do anything.
This group may create all pages and content objects and delete pages, but is not shown all backend functions.
- Web: Info, Indexing, Template, Speaking URLs, Redirects
- Admin Tools
This group is only shown what the editor-in-chief is allowed to see and is only allowed to create a reduced number of pages and content objects. It is not allowed to delete pages, but only to deactivate them.
Pages, that may not be created:
- Start pages
- Donation pages
- Categories: Editors may assign free keywords/tags, but not topics.
This rights group is preset, but is only needed when working with sensitive data, e.g. when the account details are given on a membership form. This group has reading rights to the form data; these rights are deactivated for the editorial team or, if applicable, the chief editor.
This group has backend access where it does not see anything and is not allowed to.
LDAP (AD) API:
The rights configuration is prepared for connection to an external access management system based on an LDAP interface (LDAP = Lightweight Directory Access Protocol). The LDAP interface is usually compatible with the Active Directory (AD) commonly used in the MS environment, as this is based on LDAP. We use an LDAP interface ourselves to manage our access to our customers' CMS instances. In this way, we ensure that support accesses for employees leaving wegewerk are automatically deactivated. The LDAP interface is therefore included in the basic functions.
Assignments are preset for the following LDAP groups:
cms_common_adm -> administration rights
cms_common_chief_editor -> Chief editor rights
cms_common_editor -> Editorial rights
For other configurations the additional effort will be charged.