phppermissionscontent-management-systemrolesaccess-levels

Common CMS roles and access levels


I am currently writing a CMS and remember someone (it might have been on here) criticise the existing CMS for not having a robust enough user permissions system. I've got a method planned out but it I feel it has fallen into the usual trap of being a bit too fine-grained which makes understanding and implementing it a horror for end users.

I think having a range of default user roles with permissions would be the answer to this, so I suppose my question is this:

What are the default roles you would like to see in a CMS and what sort of permissions would be associated with these?

Thanks in advance!


Solution

  • This is the "best practice" I have ended up with in most projects and am very happy with:

    1. Roles

    When it comes to roles, I recommend great flexibility, i.e. the ability to create and define user accounts and groups freely (roles like "contributor", "manager" etc. are not hard-coded, but put into a configuration file that can be changed per application). The role configuration is unaccessible to the user, but the engine itself should be free from hard-coded roles.

    2. Rights

    Rights is where things need to be easy to understand and implement.

    I have made very good experiences working with, and checking against, very fine-grained rights on the code / API level:

    but the user never sees those. For them, they are grouped into a very small number of "right groups":

    The user never sees the "move" right, but only the "Administer" rights group.

    That way, you retain the full power of fine-grained rights in your code for the future - you can, for example, easily accommodate for a rule like "interns must be able to edit pages, but not be able to change their titles, nor to delete them", adding a valuable asset to the CMS. For the end user, this functionality remains invisible, and the rights system easy to use.