Movable Type Enterprise has a granular permission system which allows administrators to finely control what each user is allowed to do within the system. To accommodate this the following entities are used:

System Administrator Profile

The high-level profile that is defined by default within Movable Type Enterprise is System Administrator. All lower level permission profiles contain a combination of permissions assigned through the roles and associations.

Unique combinations of user privileges comprise various permissions profiles. It is up to your organization to define these assignments and the privileges of which they are comprised, as well as assign permissions to the right individuals for use with the right weblogs.

System Administrators have no restrictions within the system and inherit all privileges for all weblogs within that system, regardless of their specific association with a particular weblog. Responsibilities include, but are not limited to:

• Creating users and modifying permissions
• Creating new weblogs
• Viewing or modifying other weblogs other than those for which they have specific permissions.
• Installing plugins and configuring/enabling/disabling them system-wide

General Permissions (System-Wide)

• System Administrator - System Administrators have no restrictions on their abilities within the system and inherit all privileges for all weblogs within that system, regardless of their specific association with a particular weblog.
• Create weblogs - Allows a user to create unlimited new weblogs within your installation. The user therefore has the equivalent to full weblog administrator privileges over the weblogs he or she creates.
• View activity log - Allows a user to view the system-wide activity log linked to from the System Overview page.
• Upgrading the application to a new version.