In this article, we cover the FORGE capability of assigning permissions to your editorial team.
Topics covered here:
Overview
FORGE works with two levels of permissions:
- Action level: What users can do based on the assigned roles.
- Visibility level: What users can see based on authorization groups. Authorization groups enable editorial entities — in the FORGE Back Office — and folders and pages — in the Page Builder.
Action-level permissions
At the action level, permissions — corresponding to allowed actions — are assigned to users through roles.
Roles are either system (out-of-the-box and not editable), or custom, (created to fit specific needs by leveraging the set of permissions that each app provides).
Roles explained
The GUIShell → Applications page lists the apps you can access. Select the vertical three dots to view options and manage roles:
The View Roles page:
Each role has a set of permissions. Each permission is described inside its app. The picture above shows some permissions available in FORGE Back Office. There are system roles — that are out-of-the-box and not editable — and custom roles, like Contributor, that you can create to fit your needs.
Reference scenario
Imagine you want to create the following roles for your project:
- Staff editor: They can create and manage their content in English and define its taxonomy.
- Freelance editor: They can create and manage their content in French.
- Reviewer: They can approve the submitted content, change its taxonomy, and publish it.
- Producer: They can define and control the presentation of the content.
Assigning roles
Once you have defined the roles you need, assign them to the members of your editorial team. The list of users — the editorial team members — is accessible from GUIShell → Users:
Visibility level permissions
At the visibility level, permissions are assigned directly to users.
Authorization groups explained
FORGE Back Office
In FORGE → Administration → Configurations → Access Control List, create the authorization groups with a description of the content the group can view:
Reference scenario
Imagine you want to distinguish the content for website and app; you'll create two authorization groups:
- content-website: It authorizes viewing content for website.
- content-app: It authorizes viewing content for app.
Page Builder
In Page Builder → Authorization Groups, create your authorization groups.
For each authorization group, set which modules, layouts, and pages it makes visible to users who have it assigned:
In the Site Items tab, see which site items require the authorization group — e.g., presentation-website — to be visible within the site structure. Site items include pages, folders, and menus.
Reference scenario
Imagine you want to distinguish the presentation for website and app; create two authorization groups:
- presentation-website: It allows using only the layouts and modules for website and accessing only the website folder.
- presentation-app: It enables viewing and use of only the layouts and modules for app and accessing only the app folder.
Assigning authorization groups
FORGE Back Office
In FORGE → Assign Authorization Groups, assign the authorization groups to every user and set whether the visibility enables actions or is read-only.
Reference scenario
Imagine you want your
- Staff editors Anne, Bill, and Carol to view and act on the website content
- Freelance editors Dan, Emily, and Frank to view and work on the app content
- Reviewer Luca views and acts on website and app content
You'll assign
- Authorization group content-website to Anne, Bill, and Carol
- Authorization group content-app to Dan, Emily, and Frank
- Authorization groups content-website and content-app to Luca
Page Builder
Under Page Builder → Authorization Groups, assign user authorization groups.
Reference scenario
Let's design the following permissions scenario:
- Producer Henry has to develop the presentation of website
- Producer Ilary has to develop the presentation of app
- Producer Luca has to check the presentation of website and app
You'll assign:
- Authorization group presentation-website to Henry
- Authorization group presentation-app to Ilary
- Authorization groups presentation-website and presentation-app to Luca