User Administration and Permissions

CMS Fiona includes an easy-to-use user administration. Every user receives a log-in name, a login. A login is a unique identification which "embodies" the user. Each login is assigned a password, which the user must enter to be able to work with Fiona.

Using the user administration, the CMS administrators can create user groups and allocate users to groups. After the login of a user has been set up, he or she automatically becomes a member of a default user group. He or she can be a member of any number of groups. Using global permissions, an administrator can define the authorizations the users and groups have with regard to administrative tasks.

User groups fulfill an important task, also with regard to files. On the one hand, administrators can define user groups to determine which employees may edit, verify and release files. On the other hand, the groups can be granted file-specific permissions. In this way, for each file the administrator can define how the members of a group can access files. For example, a user (via one of the groups in which he or she is a member) must have administration permission for a file to be able to delete the file; to be able to change the field values of its draft version, he or she requires write permission.

File-specific permissions cannot be granted to individual users, but only to user groups. The following permissions can be granted for each file:

  • Read Permission
    Permits all kinds of access to the file that does not change it. For example, the preview or the file’s details can be viewed in the Content Navigator.

  • Write Permission
    Permits creating as well as editing a new draft version (this also includes changing field values). Users who have been granted write permission automatically have read permission.

  • File Creation Permission
    This permission can only be granted for folders. This permission allows its possessor to create files in the respective folder. To be able to create a file using a specific format it might be necessary to additionally have a global permission defined by the administrator. (The administrator can restrict using a format to users who have a particular permission he has defined.)

  • Administration Permission
    Users to whom this permission has been granted possess all authorizations with respect to the file concerned. The administration permission is required to delete, rename or move files, as well as to be able to unrelease them. As the administrator of a file you have permission to release it regardless of its editing status.

  • Live Server Read Permission
    This permission can be given to user groups to allow them to access the published file concerned. The groups to whom this permission can be granted may be different from those for the other permissions (they optionally originate from a different user management). If a file’s live server read permission has been assigned to at least one user group, only the respective group members are permitted to access the document concerned. Otherwise, all visitors may access it. This permission is only available in conjunction with the Portal Manager.

When you create a file, the permissions assigned to the folder containing it apply to the file as well (the file "inherits" the permissions of this folder). If these permissions do not include the read and write permission, the CMS automatically grants the missing file-specific permissions to your default group so that users who have created a file can edit its draft version. Users who have created a file can delete it as long as it has not been released. After the release the administration permission is required for this.

Permissions are not inherited retroactively. If, for example, you are granted the administration permission for the folder containing your file, your file's permissions remain unaffected by this.