You are here: Home / Documentation / How To's / How to grant permissions (policy)

How to grant permissions (policy)

by nguyen — published Sep 30, 2009 03:09 PM, last modified Aug 16, 2016 10:50 AM
our policy on granting site permissions

Who Can Make the Request

If someone asks us to grant permissions on a Plone site, we require that the site owner or someone else who has at least the same requested permissions (or greater permissions) makes or confirms the request.

Student organizations must have their request made by the faculty/staff advisor for the organization.  

How to Do It

For auditing purposes, always add a group (with a descriptive name) and grant the group access to things, rather than individuals. If some account is granted a set of rights 3 levels deep you'll never find it when someone asks what they have rights to do.

An example

Go to Site Setup -> Users and Groups, Groups tab.  

Create a group called ContentEditors and assign people to that group. Then assign the following roles to that group:

  • Contributor
  • Editor
  • Reader
  • Reviewer

Beware: these roles will be GLOBAL to the site and they will override anything you do with the Sharing tab(s) on the site, even if you uncheck the Sharing tab's "Inherit permissions from higher levels" checkbox.  This is an important consideration if you don't want these people to have access to certain areas of the site.

Another More Restrictive / Controlled Example

As in the above example, create the group but DO NOT assign roles to the group.  Instead, in the Sharing tab(s) in specific areas of the site, assign "Can Add", "Can Edit", etc. to the group.