In some cases you may need to limit access to your content that you do not want the public to see. Be cautious about the types of content you are publishing to the web and refer to Protect Our Info for classifications.
Use Case 1 - Temporarily limit access to the whole website
This use case is best when you want your whole website limited to certain people, for example, during a review period before the website goes live.
Use Case 2 - Limit access to select content to specific groups of people
Site Builder has a robust Access Control A collection of features or functionality that can be enabled on sites. WDS has made several optional modules available to site administrators to enable on their site. For example, the "News" module enables the News content type and provide a News List Block for displaying news on a page. that WDS can enable and configure to suit your needs.
The Access Control module is not enabled on Site Builder websites by default. Contact us to have it enabled and let us know specific details about what you want protected and why.
There's three types of content can that be access controlled:
- Content items such as Pages, News, Events, People, etc.
- Documents, such as PDFs
WDS will work with you to define what audiences you want to be able to restrict the content to. Some examples of these audiences include:
- Anyone that can log in via CAS
- Undergraduate Students
- Graduate Students
- A specific Active Directory group
How it Works
WDS will set up custom user roles for each group you want to be able to restrict access for. Upon logging into your site (either by clicking a Log In link or visiting a restricted page), users will be authenticated and then automatically assigned the appropriate access roles if they have the correct attributes. Typically, we use Active Directory groups to set up this role assignment process
Roles can also be set up so membership is manually controlled by a site admin. This is most appropriate when there's a very small number of people you need to give access to.
Content authors, managers, and site admins can then restrict content by using the "Access" checkboxes on the content edit forms:
Access Control Options
While WDS will configure this for you, it's helpful to know what is available.
A individual item of content. For example, a page, a news article, and an event are all content items, which correspond to the Page, News, and Event content types, respectively. access control method
There are two options for how access controlled content items (e.g. Pages, Events, etc) behave on your site.
The "Simple" method will restrict access to view the detail page only. Unauthorized users will still see links to the page in your menu, list blocks, and search results. Anonymous (unauthenticated) users will be prompted to log in via CAS when attempting to view a restricted item directly. This is the most common scenario.
The "Advanced" method also restricts access to view the detail page, but it will also prevent the page from showing up in menu links, list blocks, and search results unless the user is logged in and allowed to view the content.
In most cases, the "Simple" method is most appropriate as it still makes it easy for anonymous visitors to discover links to the restricted content.
Restricted link indicator
This option will add a lock icon to links that the visitor does not have access to view. This essentially hints to the user that the content is restricted.
Default access control behavior
WDS can configure the access checkboxes on content entry forms in a few ways:
- Allow content editors to check any role to restrict the content to
- Same as above, but for new content, have one or more roles checked by default (useful if most new content should be restricted)
- Restrict all content items of a certain type to one or more specific roles, disabling the per-content item control