In some cases you may need to limit access to your content that you do not want the public to see. Be cautious about the types of content you are publishing to the web and refer to Protect Our Info for classifications.
Use Case 1 - Temporarily limit access to the whole website
This use case is best when you want your whole website limited to certain people, for example, during a review period before the website goes live.
To achieve this, place your site in Maintenance Mode. Authenticated users with the roles of Reader, Content Author, Content Manager, or Site Admin can access the site.
Note that documents and media are still accessible even when using Maintenance Mode. If a user knows the path to the file, they can still access it. This can only be prevented if Private Documents and Private Images were used when uploading the files, which is only available in the solution described below.
Use Case 2 - Limit access to select content to specific groups of people
Site Builder has a robust Access Control A collection of features or functionality that can be enabled on sites. WDS has made several optional modules available to site administrators to enable on their site. For example, the "News" module enables the News content type and provide a News List Block for displaying news on a page. that WDS can enable and configure to suit your needs.
The Access Control module is not enabled on Site Builder websites by default. Contact us to have it enabled and let us know specific details about what you want protected and why.
There's three types of content can that be access controlled:
- Content items such as Pages, News, Events, People, etc.
- Documents, such as PDFs
WDS will work with you to define what audiences you want to be able to restrict the content to. Some examples of these audiences include:
- Anyone that can log in via CAS
- Undergraduate Students
- Graduate Students
- A specific Active Directory group
How it Works
The most basic setup involves restricting access to anyone that is able to log in via CAS (note this includes parents of students). In this case, content can be restricted to users of the "Authenticated user" role, which is assigned to anyone that can log in. All users with CAS credentials can log in to your site.
To refine access control to specific groups, WDS will set up custom user roles for each group you want to be able to restrict access for. Upon logging into your site (either by clicking a Log In link or visiting a restricted page), users will be authenticated and then automatically assigned the appropriate access roles if they have the correct attributes. Typically, we use Active Directory groups to set up this role assignment process
Roles can also be set up so membership is manually controlled by a site admin. This is most appropriate when there's a very small number of people you need to give access to.
Content authors, managers, and site admins can then restrict content by using the "Access" checkboxes on the content edit forms:
Impact to Documents & Media
Sites using the Access Control module can restrict access to Documents and Images. When adding new images or documents, the content editor must select the "Private Document" or "Private Image" media or document type. "Public Document" and "Public Image" are still available but offer no access controls. Other media types cannot be access controlled, including Audio File and Video File.
Access Control Options
While WDS will configure this for you, it's helpful to know what is available.
A individual item of content. For example, a page, a news article, and an event are all content items, which correspond to the Page, News, and Event content types, respectively. access control method
There are two options for how access controlled content items (e.g. Pages, Events, etc) behave on your site.
The "Simple" method will restrict access to view the detail page only. Unauthorized users will still see links to the page in your menu, list blocks, and search results. Anonymous (unauthenticated) users will be prompted to log in via CAS when attempting to view a restricted item directly. This is the most common scenario.
The "Advanced" method also restricts access to view the detail page, but it will also prevent the page from showing up in menu links, list blocks, and search results unless the user is logged in and allowed to view the content.
In most cases, the "Simple" method is most appropriate as it still makes it easy for anonymous visitors to discover links to the restricted content.
Restricted link indicator
This option will add a lock icon to links that the visitor does not have access to view. This essentially hints to the user that the content is restricted.
Default access control behavior
WDS can configure the access checkboxes on content entry forms in a few ways:
- Allow content editors to check any role to restrict the content to
- Same as above, but for new content, have one or more roles checked by default (useful if most new content should be restricted)
- Restrict all content items of a certain type to one or more specific roles, disabling the per-content item control