In this video, Phil Gold discusses classifying documents by level of sensitivity and access needs of the users. Learn how to parse your content security guidelines and establish a permissions hierarchy, and see examples of this in WordPress and SharePoint.
- [Instructor] Okay, we've got our content and we can find it when we need it. Now the next question is who should be able to access it and what should they be allowed to do with it? Now defining permissions and rights is another important factor that any CMS must have. Ideally, this should be able to leverage any existing security and permission system in use at a business. Microsoft Active Directory is probably still the most widely used directory and authentication server today.
Its security groups, officially trusts, can be reused to define membership and permission groups in SharePoint. A security groups can also be set up from the Office 365 Admin Center. You can add entire security group to SharePoint permission groups. Or you can build permission groups by email addresses so that you've got the ability to create custom groups that don't mirror existing organizational or hierarchical structures.
These permission groups are then used to control not only access to libraries, but set different rights as well. You could parse these down at a very fine-tune level from view only with no ability to download through edit drafts to publish and all the way up to granting the rights to delete content. Since SharePoint allows for multiple libraries, I believe it's best to manage permission at that level, but you can manage folder permissions and even permissions at the individual file level, although I frankly think you're nuts if you do that.
The controls for individual library permissions are in the library settings. Now we're looking at the classic view right now, so for here, we click the Library tab, and we go to Library settings. On the Library Settings page, just click permissions for this document library, and you can setup all your permissions here. WordPress is not quite as flexible. By default, permissions are controlled by roles and there are only a few standard roles out of the box.
Administrator has full control of everything. Editor can add, edit, or delete all posts, pages, comments, categories, tags, and links. An author can create, edit, and publish their own posts. Contributors can create posts, but they can't publish them. And then a follower or a viewer is somebody who can read and comment on posts and pages but has no ability to create any content.
The administrator also has the ability to set the visibility to specific areas on the dashboard for the various groups. Now it's possible to create custom roles, but you need either a plugin or you have to do some serious fiddling around in the code of the site's theme. Out of the box, adding users to WordPress is a one-at-a-time process. You can buy plugins that will integrate Active Directory with WordPress, and I almost think that's necessary.
If you do, you'll be able to take advantage of existing security groups which will also make managing permissions overall much simpler. For more information on WordPress roles, I'm gonna send you back to that WordPress Essentials Training class in the course library. And of course, I go into a lot more detail about SharePoint permissions in my SharePoint Data Management course.
- Features: storage, search, security, and version control
- Document vs. content management
- Content team roles
- What a CMS won't do
- Benefits: Centralized permissions, reuse, automation, and more
- Selecting a CMS
- Best practices