Access Control & Private Content

In some cases you may need to limit access to your content that you do not want the public to see. Be cautious about the types of content you are publishing to the web and refer to Protect Our Info for classifications.

Use Case 1 - Temporarily limit access to the whole website

This use case is best when you want your whole website limited to certain people, for example, during a review period before the website goes live.

To achieve this, place your site in Maintenance Mode. Authenticated users with the roles of Reader, Content Author, Content Manager, or Site Admin can access the site.

Use Case 2 - Limit access to select content to specific groups of people

Site Builder has a robust Access Control A collection of features or functionality that can be enabled on sites. WDS has made several optional modules available to site administrators to enable on their site. For example, the "News" module enables the News content type and provide a News List Block for displaying news on a page. that WDS can enable and configure to suit your needs.

Requires the Access Control module

The Access Control module is not enabled on Site Builder websites by default. Contact us to have it enabled and let us know specific details about what you want protected and why.

There's three types of content can that be access controlled:

  • Content items such as Pages, News, Events, People, etc.
  • Documents, such as PDFs
  • Images

WDS will work with you to define what audiences you want to be able to restrict the content to. Some examples of these audiences include:

  • Anyone that can log in via CAS
  • Undergraduate Students
  • Graduate Students
  • Staff
  • Faculty
  • A specific Active Directory group

How it Works

WDS will set up custom user roles for each group you want to be able to restrict access for. Upon logging into your site (either by clicking a Log In link or visiting a restricted page), users will be authenticated and then automatically assigned the appropriate access roles if they have the correct attributes. Typically, we use Active Directory groups to set up this role assignment process

Roles can also be set up so membership is manually controlled by a site admin. This is most appropriate when there's a very small number of people you need to give access to.

Content authors, managers, and site admins can then restrict content by using the "Access" checkboxes on the content edit forms:

Access control checkboxes on a content entry form. Checkboxes for roles Faculty, Staff, and Department Staff are shown.

Access Control Options

While WDS will configure this for you, it's helpful to know what is available.

A individual item of content. For example, a page, a news article, and an event are all content items, which correspond to the Page, News, and Event content types, respectively. access control method

There are two options for how access controlled content items (e.g. Pages, Events, etc) behave on your site.

The "Simple" method will restrict access to view the detail page only. Unauthorized users will still see links to the page in your menu, list blocks, and search results. Anonymous (unauthenticated) users will be prompted to log in via CAS when attempting to view a restricted item directly. This is the most common scenario.

The "Advanced" method also restricts access to view the detail page, but it will also prevent the page from showing up in menu links, list blocks, and search results unless the user is logged in and allowed to view the content.

In most cases, the "Simple" method is most appropriate as it still makes it easy for anonymous visitors to discover links to the restricted content.

Restricted link indicator

This option will add a lock icon to links that the visitor does not have access to view. This essentially hints to the user that the content is restricted.

Default access control behavior

WDS can configure the access checkboxes on content entry forms in a few ways:

  • Allow content editors to check any role to restrict the content to
  • Same as above, but for new content, have one or more roles checked by default (useful if most new content should be restricted)
  • Restrict all content items of a certain type to one or more specific roles, disabling the per-content item control