Access Control & Private Content

In some cases you may need to limit access to your content that you do not want the public to see. Be cautious about the types of content you are publishing to the web and refer to Protect Our Info for classifications.

Use Case 1 - Temporarily limit access to the whole website

This use case is best when you want your whole website limited to certain people, for example, during a review period before the website goes live.

To achieve this, place your site in Maintenance Mode. Authenticated users with the roles of Reader, Content Author, Content Manager, or Site Admin can access the site.

Note that documents and media are still accessible even when using Maintenance Mode. If a user knows the path to the file, they can still access it. This can only be prevented if Private Documents and Private Images were used when uploading the files, which is only available in the solution described below.

Use Case 2 - Limit access to select content to specific groups of people

Site Builder websites are most suitable for public content. If you need to protect access to content, please try the solutions for "Project teams or department intranets" first. If these options are not suitable, WDS may enable the Access Control A collection of features or functionality that can be enabled on sites. WDS has made several optional modules available to site administrators to enable on their site. For example, the "News" module enables the News content type and provide a News List Block for displaying news on a page. on your website. Please contact us and provide justification, including:

  • The nature of the content you are planning to restrict
  • The types audiences you want to restrict access to
  • Why the other options available are not suitable

Provide as much detail as possible.

How it Works

There's three types of content can that be access controlled:

  • Content items such as Pages, News, Events, People, etc.
  • Documents, such as PDFs
  • Images

WDS will work with you to define what audiences you want to be able to restrict the content to. Some examples of these audiences include:

  • Anyone that can log in via CAS
  • Undergraduate Students
  • Graduate Students
  • Staff
  • Faculty
  • A specific Active Directory group
    • You can use an existing group, such as "Department 25600 Faculty" or "Department 22300"
    • You can request a custom group, using the "Create Active Directory Groups" form in the Service Portal.

The most basic setup involves restricting access to anyone that is able to log in via CAS (note this includes parents of students). In this case, content can be restricted to users of the "Authenticated user" role, which is assigned to anyone that can log in. All users with CAS credentials can log in to your site.

To refine access control to specific groups, WDS will set up custom user roles for each group you want to be able to restrict access for. Upon logging into your site (either by clicking a Log In link or visiting a restricted page), users will be authenticated via CAS and then automatically assigned the appropriate access roles if they have the correct attributes. Typically, we use Active Directory groups to set up this role assignment process.

Roles can also be set up so membership is manually controlled by a site admin. This is most appropriate when there's a very small number of people you need to give access to.

Content authors, managers, and site admins can then restrict content by using the "Access" section on the content edit forms:

Access control checkboxes on a content entry form. Checkboxes for roles Faculty, Staff, and Department Staff are shown.

Impact to Documents & Media

Sites using the Access Control module can restrict access to Documents and Images. When adding new images or documents, the content editor must select the "Private Document" or "Private Image" media or document type. "Public Document" and "Public Image" are still available but offer no access controls. Other media types cannot be access controlled, including Audio File and Video File.

Access Control Options

While WDS will configure this for you, it's helpful to know what is available.

A individual item of content. For example, a page, a news article, and an event are all content items, which correspond to the Page, News, and Event content types, respectively. access control method

There are two options for how access controlled content items (e.g. Pages, Events, etc) behave on your site.

The "Simple" method will restrict access to view the detail page only. Unauthorized users will still see links to the page in your menu, list blocks, and search results. Anonymous (unauthenticated) users will be prompted to log in via CAS when attempting to view a restricted item directly. This is the most common scenario and what is set up by default.

The "Advanced" method also restricts access to view the detail page, but it will also prevent the page from showing up in menu links, list blocks, and search results unless the user is logged in and allowed to view the content.

In most cases, the "Simple" method is most appropriate as it still makes it easy for anonymous visitors to discover links to the restricted content.

Restricted link indicator

This option will add a lock icon to links that the visitor does not have access to view. This essentially hints to the user that the content is restricted.

Default access control behavior

WDS can configure the access checkboxes on content entry forms in a few ways:

  • Allow content editors to check any role to restrict the content to
  • Same as above, but for new content, have one or more roles checked by default (useful if most new content should be restricted)
  • Restrict all content items of a certain type to one or more specific roles, disabling the per-content item control