Skip over navigation

Permissions

Before You Begin: Access Policy

All members of the University community are responsible for safeguarding the University's information and technology infrastructure. As a Roxen site administrator, you are responsible for protecting the University's property, license agreements, and good name.

Roxen CMS is available only to holders of valid Princeton netids, or to sponsored guests. If you wish to provide access to your Roxen site to someone not affiliated with the University, you may do so only through a sponsored account, such as through OIT's Guest Account Provisioning service.

Roxen site administrators are asked to review and ensure access only as described here. OIT reserves the right to disable access and to shut down websites, without notice, that are found in violation of this policy.

Step 1: Click the "Access Control" tab

Click the "Access Control" tab

Permissions are unique to each edit server (deptaedit, deptbedit, etc.). First, navigate to your edit server and Enter edit mode. Once in edit mode, in the Insite Editor, click the CE (Content Editor) button. Once in the Content Editor, look for the Access Control tab. If you do NOT see the Access Control tab, stop, you are not an administrator for your site, please have your site administrator continue the tutorial, or contact roxen@princeton.edu and ask for permission.

Step 2: Search for user or group name

Search for user or group name

Navigate to the bottom of the Access Control page and look for the Search input. Type in a unique identifier for the user (either NetID or last name will do) or Active Directory group name, then press enter.

Step 3: Click the link for the found user

Click the link for the found user

Your search term may return multiple results, possibly some with the same name. Verify both the name and the username in parenthesis. If your search returned too many results, you can either filter the results via the Zoom: drop-down or perform another search with a more specific term.

Clicking the link will take you to the permissions settings page for that user or group. When editing permissions, the server will take significantly longer to respond than with most other tasks.

Step 4: Select the group membership for that user

Scroll down to the Memberships section, past the Details and Authentication Methods sections. There should be a column of drop-down menus with three of four possible options:

  • explicit membership
  • indirect membership
  • no membership
  • explicit non-membership

For example, anyone with editor permissions for a specific site should be an explicit member of the Content Editors group, which grants indirect membership in the Content Readers group. The bottom row allows you to specify membership in a new group.

Select the group membership for that user

The Membership drop-down next to the Membership type drop down, should list the groups for which the logged-in user has administrator privileges.

Our convention on the "dept" servers is to name the Access Control zone and the default groups after each site's directory name, i.e the groups for /foobar would be:

  • foobar-administrators
  • foobar-editors
  • foobar-readers

In this example, only members of the foobar-administrators group are able to add other users to the three "foobar-" groups. Once a group is chosen, explicit membership is chosen by default, and any associated indirect memberships are automatically added. If you do not see the groups for which you are trying to add users, contact roxen@princeton.edu so we can verify whether you should be an administrator for that zone.

When these new permissions are saved, the protection point Permissions that are listed at the bottom of the page in lengthy detail are automatically updated.

Step 4a: Removing users from Access Control groups

Removing users

To remove a user or group from an Access Control group, follow steps 1 through 3 above, but then choose "no membership" next to the linked group name. Indirect group memberships will automatically disappear upon save.