Movable Type Enterprise Documentation
Search

Back to docs index

Chapter Roles and Associations

In this section:

Associations are a combination of a users, groups, roles and weblogs which, together, afford some set of weblog-level capabilities within the system.

Associations can be created in four different ways:

  • From the System Overview > Associations page
  • Create a user association
  • Create a group association
  • From a user's Profile > Associations page
  • Add to a weblog
  • From a group's Profile > Associations page
  • Add to a weblog
  • From a weblog's > Users & Groups page
  • Add a user to this weblog
  • Add a group to this weblog

Creating an association in the first way is a three-step process (Select user/group, role, weblog). In the latter three cases, it's a two step process since one desired element is already in context. While system administrators can create and manage associations for any weblog, with Movable Type Enterprise v1.5, weblog administrators can create and manage associations for the blogs which they administer.

Note: Only System Administrators can create associations.

See also: Managing User and Group Permissions

| | Comments (0)

Permissions are now part of Roles, but the order in which the Permissions are displayed in the Role Details have been re-ordered so as to show importance of the permissions:

  • Weblog Administrator - This quasi-role is the exact equivalent of a user who has been individually granted all of the permissions listed below, allowing them full control over every aspect of the weblog.
  • Configure Weblog - Users granted this privilege for a particular weblog can access the configuration settings for that weblog.
  • Edit All Entries - Users granted this privilege for a particular weblog can modify all entries, comments and TrackBacks posted on that weblog, regardless of who authored them.
  • Manage Templates - Users granted this privilege for a particular weblog can access the weblog's template editing section, edit or delete existing templates or create new ones.
  • Upload File - Users granted this privilege for a particular weblog can upload files onto the web server through that weblog’s left hand navigation bar.
  • Create Entries - Users granted this privilege for a particular weblog can compose and post new entries on that weblog. An user is permitted to manage all comments or TrackBacks on any entry they create.
  • Add/Manage Categories - Users granted this privilege can edit and delete existing categories on the weblog or create new ones. All users may assign pre-existing categories to entries which they create.
  • Manage Tags - Users granted this privilege can rename, merge or delete entry tags created for the designated weblog.
  • Manage Notification List - Enables a user to add or delete notification list subscribers from the weblog's notification list.
  • Send Notifications - Enables a user to send entry notifications to subscribers listed in the notification list or to arbitrary email addresses.
  • View Activity Log - Enables a user to access the weblog's activity log. This permission is not needed if the user has the corresponding system level permission and access to the particular weblog.
  • Rebuild Files - Users granted this privilege can rebuild the weblog.

See also: Roles

| | Comments (0)

Movable Type Enterprise has a granular permission system which allows administrators to finely control what each user is allowed to do within the system. To accommodate this the following entities are used:

System Administrator Profile

The high-level profile that is defined by default within Movable Type Enterprise is System Administrator. All lower level permission profiles contain a combination of permissions assigned through the roles and associations.

Unique combinations of user privileges comprise various permissions profiles. It is up to your organization to define these assignments and the privileges of which they are comprised, as well as assign permissions to the right individuals for use with the right weblogs.

System Administrators have no restrictions within the system and inherit all privileges for all weblogs within that system, regardless of their specific association with a particular weblog. Responsibilities include, but are not limited to:

  • Creating users and modifying permissions
  • Creating new weblogs
  • Viewing or modifying other weblogs other than those for which they have specific permissions.
  • Installing plugins and configuring/enabling/disabling them system-wide

General Permissions (System-Wide)

  • System Administrator - System Administrators have no restrictions on their abilities within the system and inherit all privileges for all weblogs within that system, regardless of their specific association with a particular weblog.
  • Create weblogs - Allows a user to create unlimited new weblogs within your installation. The user therefore has the equivalent to full weblog administrator privileges over the weblogs he or she creates.
  • View activity log - Allows a user to view the system-wide activity log linked to from the System Overview page.
  • Upgrading the application to a new version.

| | Comments (0)

Permissions are defined through the groups and associations assigned to the user.

To see what permissions are associated with your username

  • View the groups and associations assigned to the user name.
  • View each group’s settings and each association’s settings.

To view and modify permissions for other users

Note: The following procedure requires System Administrator permission.

  • View the groups and associations assigned to the user.
  • Edit the groups and roles assigned to the user.

To associate a user with a new or additional weblog

Note: The following procedure requires System Administrator permission.

View the groups and associations assigned to the user. Edit the associations and roles assigned to the user.

  • Click the Main Menu link. Click the Users & Groups link in the System Shortcuts. This displays the main screen of the System-wide: Users page.
  • Click the Users tab. Click the user to modify. This displays the User Profile page.
  • Click the Associations tab. This displays the Associations page.
  • Click the Add to a weblog link. This displays the Create an Association dialog.
  • Select from the list of possible roles. Click the associated checkbox for each desired role. Click Continue.
  • Select a weblog from the list of possible weblogs.
  • Click Confirm. The Association page displays the Associations tab and lists the roles assigned to the user.

| | Comments (0)

Roles allow administrators to map real-world labels onto sets of permissions like, Designer or Writer allowing for almost natural language assignment in the form of a rule, called an Association.

While a single user or group can have any number of roles on a particular weblog, it is best practice to create broad roles which encompass all of the desired permissions so that each user/group has only a single role (or two maximum) on each weblog. This will greatly reduce your management burden in the future.

Default Roles

The system ships with a number of default roles which cover a number of popular personas and capabilities. These default roles are not special in any way. They are completely customizable in both name, description and permissions and can be deleted if the administrator finds them unsuitable. New roles can also be created in place of or in addition to the default roles.

  • Weblog Administrator - Can administer the weblog.
  • Designer - Can edit, manage and rebuild weblog templates.
  • Editor - Can edit all entries/categories/tags on a weblog and rebuild.
  • Editor (can upload) - Can upload files, edit all entries/categories/tags on a weblog and rebuild.
  • Publisher - Can upload files, edit all entries/categories/tags on a weblog, rebuild and send notifications.
  • Writer - Can create entries and edit their own.
  • Writer (can upload) - Can create entries, edit their own and upload files.

Each of these roles can be modified or even deleted. Other roles can be created to better match your workflow and job descriptions.

Custom Roles When Upgrading

Upon upgrade, the system maps each users' sets of permissions to each default role and if a match is found, the default role is granted in place of the individual permissions. When the permission sets don't match up, a Custom role is created for them, system-wide and each user with that set of permissions on any weblog will be granted that Custom role.

After upgrade, these Custom roles can be edited, properly named to describe the persona or combined manually with the default roles. For best results, we recommend that all Custom roles are at least renamed making it easier to differentiate between each.

See also: Associations

| | Comments (0)

Six Apart
Makers of weblog software and services for individuals, organizations and businesses.
This website is powered by Movable Type.