Communifire uses a fine-grained, role-based permission matrix to manage access to different parts of the system. Permissions are mapped to roles, and each user can have multiple roles.
Before understanding permissions, it is important to understand how Users, Roles, and Permissions work together in Communifire. At its most basic description:
To visit the Roles page, navigate to: Control Panel > People > Roles
By default, Communifire has 5 in-built roles. These five roles cannot be edited or deleted, however permissions for these roles can be changed. The SiteAdministrator can create new Roles as well.
In addition to these in-built user roles, you can create an unlimited number of additional Roles in the system and then apply any combination of Permissions to these Roles. This gives you unlimited control over how much you can lock down or open up your intranet.
To visit the System Permissions page, navigate to: Control Panel > System > System Permissions
The system permissions, shown below, allow you to provide/deny access to administrative sections in the Communifire Control Panel.
Here is an explanation of each permission shown above:
To visit the User Section Permissions page, navigate to: Control Panel > People > User Section Permissions
The permissions below are used to allow or restrict access to the People administration settings in the Communifire Control Panel.
Communifire uses a fine-grained permission matrix to manage different content entities (also known as System Entities), such as:
The entity permission model works both at a community level as well as at the space (sub-community) level. The space level roles and permissions are completely independent of the community level roles and permissions.
Administrator can login to the admin system (http://yoursite.com/cf-admin), and then go to each entity under the "content" menu to set that entity's permissions. For Articles, navigate to Control Panel > Content > Articles and then click Permissions. You will see that all roles are listed with check boxes denoting all applicable permissions. Select the relevant check boxes and click Save Permissions. The permissions will be saved and become active instantly. Article permissions can be set at a global level, which means the permissions once set will be applicable to all articles. You cannot set permissions of an individual article.
Unlike Articles, Blogs permissions can be set at a global level (default permissions applicable to each blog) and also at an individual blog level. Individual blog permissions will override the default blog permissions. Note that we cannot set permissions for each blog entry, but only for a user blog. Permissions set on an individual blog are applicable to all the posts within that blog.
To set the default blog permissions, go to admin->content->blogs and click Default Blog Permissions link. This is similar to the way permissions are set for articles. You can select the relevant permission set and click Save permissions button. Once saved, the permissions are active instantly and are applicable to new blogs created.
To set blog permissions for an individual blog, go to admin->content->blogs->manage blogs. You will see a list of all the blogs (each user is assigned a single blog). Click the "edit" button of that blog for which you want to change the permission set. In the edit blog screen which opens up, go down till you see the "Set Permissions" area for that blog. Select the relevant permissions for each role and click the Save Permissions button. This will update the permission set for that individual blog.
Forums are grouped together using Forum Groups. Each Group can have multiple forums under it. You can set default group permissions via this page:
Conrol Panel->content->forums->default group permissions
These permissions are applicable/inherited by all new groups created, unless you override the individual group permission from the group edit page (admin->content->forums->manage groups-> edit group)
NOTE: All forums under a Group inherit the Group's permissions by default. To modify an individual forums permissions, go to Control Panel->content->forums->manage forums-> edit forum.
Forums section has extra permission types as follows:
CreatePost/EditPost/ViewPost: These permissions with "post" as a suffix are applicable to posts instead of forums/groups. This means that the Create permission means permission to create a new forum whereas CreatePost means permission to create a new forum post. Same goes for DeletePost, ViewPost. In short these permissions are applicable only on forum posts and NOT on forum as an entity.
MarkAsAnswer: permission to mark a particular post as an Answer to the original topic.
LockATopic: permission to lock any topic
Works just like the Articles section permissions.
Works just like the Articles section, if the Role has a View permission, then members belonging to that role can View the poll and its results. If the role has a Vote permission, then members of that role can vote for that particular poll.
Files belong to a folder. The default root folder is named "Community Root", and you can set the permissions of this root folder by going to admin dashboard -> content -> files -> file permissions. If you to manage space level file permissions, then go to your space homepage and click the manage space link below the space name to go to the space admin section. Then from the left-side menu, click Settings - > Permissions to go to the permissions management page. From this page, you can manage permissions for all entities. To manage file permissions, select "File" from the drop down as shown below:
Once you select Files from this dropdown as shown above, the page will refresh to load "files" specific permissions and another "Select Directory" drop down will appear right next to it. This dropdown will show all the folders in that space. Since each folder can have its own permissions, you need to select which folder you want to set permissions for, and then mark the appropriate check boxes, and finally click the "Save Changes" button at the end:
You can mark/unmark permission checkboxes for each role. Here is a short explanation of each permission value:
1. Create: Can create/upload a new file.
2. View: Can view self-created files in that folder. Note that if you want users to view files uploaded by other users, set the View All (see #12 below) permission to true.
3. Edit: Can edit updated versions of a file uploaded by self, i.e., check-out current file, and re-upload (check-in) an updated version. File history will be maintained.
4. Delete: Delete a file. This option only allows a user to delete a file uploaded by him/herself, not those files uploaded by others. Note that deleted files go to the recycle bin, from where they can be permanently purged.
5. Check-in: Re-upload an updated version. If this permission is not given, then the user will not see "check-in" option in the file system. This option will only work if "Enable document control" is set to true in space/community settings.
6. Check-out: Check out a file to edit it and then re-upload. This option will only work if "Enable document control" is set to true in space/community settings.
7. Purge: Permanently delete files from recycle bin.
8. Restore: Restore a file from the recycle bin.
9. Create/Delete/Rename Directory: ability to perform these directory operations.
10. Roll back: Roll back a previous version to the latest version file (from the file history). This option will only work if "Enable document control" is set to true in space/community settings.
11. View History: View all versions of a file. This option will only work if "Enable document control" is set to true in space/community settings.
12. View All: View files uploaded by other users.
13. Admin View: Only for moderators and admins, ability to go into the admin section of files (via space/community admin dashboard). All space admins and community admins automatically have this permission.
14. Update All Files: Update files uploaded by other users.
15. Delete All Files: Delete files uploaded by other users.
Space permissions can be managed by the front-end space admin section. Only space administrators will have access to manage these permissions. Spaces follow the same role-permission structure like the main community, but the space user roles are different from the community user roles and are isolated at the individual space level, meaning that roles related to one space will not be visible in any other space.
To manage space permissions, go to that particular space and select Manage Space. Then once in the Space admin section, click on Settings > Permissions.
You will reach the manage permissions page. You will see a dropdown from where you can select the entity on which you want to apply permissions, and then click the "submit" button to save your selected permissions as shown below:
If you want to give the permission to edit all articles in a space to a space member, then follow these steps:
1. Login as space administrator, and go to "manage space" section.
2. Select Settings->Permissions from left side menu.
3. Then select Articles from the entity dropdown.
4. In the Member role row, mark these permissions as checked: "Admin View" and "Update all Articles".
5. Then select "Space" from the entity dropdown.
6. In the Member role row, mark "Admin View" as checked.
Now members would be able to edit articles created by other users.
is requesting access to a wiki that you have locked: https://my.axerosolutions.com/spaces/5/communifire-documentation/wiki/view/76/system-permissions