
Overview

Fig. 1: users and rights palette

Switching to the users and rights palette in the palettes menu gives you the following options:

Users

In the users section you can administer your users, set them active or disable them, change names, set new passwords, assign roles and permissions, give them WebDAV access and so on. And of course you can delete them.

Roles

Roles can be divided into two groups:

  • System-created roles (name starts with ~)
  • User-defined roles

Roles are the most versatile tool for user administration. With their help you can easily ‘govern’ your users. By assigning roles to users and to pages of your website, you can either allow users to see a page or exclude them from seeing it by not giving them the necessary role.
Another possibility is to use roles to combine different permissions and groups according to your administrative needs. This is most helpful if you want to delegate certain tasks within the administration.
As an example: You want two of your colleagues to help you administer your webpage. One of them shall take care of the CMS and shop contents, the other shall take care of the users and dealers. So you create two roles: one called Content-Admin, the other User-Admin. The Content-Admin role is assigned the permission groups for all content editing, while the User-Admin role is assigned all groups and permissions necessary for all user-related tasks. As the Content-Admin needs to inspect the content he created online, he may assign his role to all new content. These pages will then be visible only to him until he has finished testing and decides that the pages are ready for launch. He can then remove the role assignment.

Groups

There are two types of groups:

  • System generated groups (name starts with ~)
  • User defined groups

Groups consist mostly of different permissions and can be used to control access to different parts of the website and its functions. Most groups are used as a bundle of the permissions required to perform a specific task. They can be seen as a convenience function, as you can predefine tasks that can later be combined into a specific role.

Permissions

A permission is the “smallest unit” within the website's access-control mechanism that can be directly assigned to Users, Roles or Groups to determine access to and execution of Commands within the application. Basically, permissions can be divided into two types:

  • System permissions (name starts with ~).
  • User-defined permissions, created by the user from within the website administration.

In general, a system permission pre-groups a set of CommandMatchers. A CommandMatcher is the lowest level at which the execution of Commands within the application can be limited. User-defined permissions give you a powerful tool for further customisation of the access control, e.g. by customising the assigned set of CommandMatchers according to your requirements.

Note: A change to a system permission's state only lasts for the current “runtime”. This means that after every restart of the application a deleted system permission will be re-created, removed CommandMatchers will be re-added and so on.

CommandMatchers

CommandMatchers can be seen as the internal application firewall of pulse. Each CommandMatcher consists of the basic attributes of a Command (i.e. Bundle, Locale, Action, Sitemap-ID and Parameters). If a CommandMatcher is a subset of the Command currently being executed, it “matches” the Command and allows access. This means that, to allow a user to execute a specific Command, you have to assign a Permission that contains a matching CommandMatcher, either directly or via Groups or Roles.
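
A minimal Python model of the subset rule and of the lookup through Roles, Groups and Permissions described above. It is an added example, not pulse's own code: the class and function names, the "None means unconstrained" representation, the default-deny result and all sample users, bundles and permissions are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Command:
    bundle: str
    locale: str
    action: str
    sitemap_id: int
    parameters: dict = field(default_factory=dict)

@dataclass
class CommandMatcher:
    # None / empty dict = attribute not constrained (assumed representation).
    bundle: Optional[str] = None
    locale: Optional[str] = None
    action: Optional[str] = None
    sitemap_id: Optional[int] = None
    parameters: dict = field(default_factory=dict)

    def matches(self, cmd: Command) -> bool:
        # Subset rule: every attribute the matcher sets must equal the Command's.
        for name in ("bundle", "locale", "action", "sitemap_id"):
            wanted = getattr(self, name)
            if wanted is not None and wanted != getattr(cmd, name):
                return False
        return all(k in cmd.parameters and cmd.parameters[k] == v
                   for k, v in self.parameters.items())

def is_allowed(cmd, user, grants, permissions) -> bool:
    # Walk user -> roles -> groups -> permissions; deny unless a matcher matches.
    seen, stack = set(), [user]
    while stack:
        holder = stack.pop()
        if holder in seen:
            continue
        seen.add(holder)
        if any(m.matches(cmd) for m in permissions.get(holder, [])):
            return True
        stack.extend(grants.get(holder, []))
    return False

# Constructed sample data (names are illustrative, not pulse defaults).
GRANTS = {"alice": ["role:Content-Admin"], "role:Content-Admin": ["group:cms-edit"],
          "group:cms-edit": ["perm:edit-cms"], "bob": ["perm:too-broad"]}
PERMISSIONS = {"perm:edit-cms": [CommandMatcher(bundle="cms", action="edit")],
               "perm:too-broad": [CommandMatcher()]}  # sets nothing: matches all
EDIT_PAGE = Command("cms", "en", "edit", 12, {"id": "7"})
DELETE_USER = Command("users", "en", "delete", 3, {"id": "7"})
```

In this model, the fewer attributes a matcher sets, the more Commands it is a subset of, so when reviewing user-defined permissions the sparsest matchers are the ones to check first.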

VFS-permissions

VFS-permissions are used to control access to your virtual file system. This is done by assigning read and write roles to folders or single files.