Contents
1. Introduction
1.1 Features
1.2 Assumptions
1.3 Convetions
2. Account manager overview
3. Users
3.1 Add a new user
3.2 Grant the user access permissions
3.3 Edit user username (Full Name)
3.4 Administrator permissions: username (Full Name)
3.5 Page Manager permissions: username (Full Name) [n-nn of nn]
3.6 Delete a user
4. Groups
4.1 Add a new group
4.2 Select Admin permissions for a capacity
4.3 Select Page Manager permissions for a capacity
4.4 Add a user to a group/capacity
4.5 Change a members group
4.6 Move a user from 'No Group' to a group
5. Concluding remarks
In a school with so many areas (sites) to manage, with sometimes hundreds of users, grouped in so many categories that range from pupils to the board of directors and everything inbetween, with a dozen or so of modules on which some have permissions and others don't, account management can be a task you wish for your worst enemy.
In Website@School we have tried to make account management as simple as possible, as well as also permitting a refined, role based access control (RBAC) on users and groups. This advantage has its drawback. It's easy to make mistakes. By checking one wrong checkbox you can give almost all your users access to everything. Please take care when managing accounts!
The features of the Account Manager in no specific order:
- Permissions: There are 14 permissions:
- The user may visit a protected area.
- Add an area to the site.
- Delete an area from the site.
- Edit area properties, for ezample the theme, ttile, etcetera.
- Add a node (page/section) to an area.
- Delete a node on an area.
- Edit node properties, for example title, description, etcetera.
- Add a sub node (page/section) to an existing node in an area.
- Delede a sub node from an existing node in an area.
- Edit the properties of a sub node, for example title, the module, etcetera.
- Add content to a node.
- Delete content from a node.
- Edit the content or concept content (a hidden page) of a node.
- Publish the content of a node, i.e. make it visible
These 14 permissions can be granted to difeerent levels:
- for de complete site
- for a specific area
- for a secific node (plus its underlying nodes)
- Roles: With the permissions different roles can be performed on the site, areas, sectons and pages:
- --: Null, nothing: this role corresponds to no permissions at all.
XXXXXXX EN bekijken?
- Contentmaster: Only page content can be modified.
- Pagemaster: Page properties and page content can be modified.
- Sectionmaster: Section properties can be modified and subsections and pages can be added.
- Areamaster: Area properties can be modified and top-level sections and pages can be added.
- Sitemaster: Site properties can be modified and areas, sections and pages can be added.
- Guru: Everything: this role provides all possible permissions, perhaps even more.
- Breadcrumb trail: The breadcrum trail at the top of the pages show you where you are and are also clickable links for easy navigation.
- Users: Create, edit and delete users and their properties: username, password, full name, e-mail address, active or not, redirection (where to go after logout), language selection, high visibility, selectable editor, data folder (pathname cannot be changes).
- Admin: Grant or take away access permissions for users to the management tools: Startcenter, Page Manager, File Manager, Module Manager, Account Manager, Configuration Manager, Statistics and Tools.
- Groups: Add a group, give roles to a group or delete a group. Up to 8 capacities can be given to a group. A capacity is a label to which permissions can be granted on the different managers, tools, sites, areas, sections and pages.
- Group membership: A user can be given a group membership thus giviing her specified permissions.
- Intranet: Give a user access permissions to intranets. Permissions are:
- none: Null, nothing: this role corresponds to no permissions at all
- access: Intranet access granted: private areas can be visited
- guru: Everything: this role provides all possible permissions, perhaps even more.
- Page Manager: Gives a user access permissions to site, areas, sections and pages. Permissions are
- '--' => 'Null, nothing: this role corresponds to no permissions at all';
- 'Contentmaster' => 'Only page content can be modified'
- 'Pagemaster' => 'Page properties and page content can be modified'
- 'Sectionmaster' => 'Section properties can be modified and subsections and pages can be added'
- 'Areamaster' => 'Area properties can be modified and top-level sections and pages can be added'
- 'Sitemaster' => 'Site properties can be modified and areas, sections and pages can be added';
- 'Guru' => 'Everything: this role provides all possible permissions, perhaps even more';
This chapter builds on other chapters. We assume you have an installation with demo data and the Website@School Users Guide. and you have full access to Website@School.
Next to that we assume you have read the Introduction, Logging in and out and completely performed the Guided Tour.
Some general features of W@S are not that easily found. Some corrrespond with the markup of this manual text, so we explain them both here.
- Mouseovers: Almost every image, icon, button, link or data field has a mouseover text. Please hover over these items to see a short description, and expanastion or shortcut key combination for an item. This user friendly feature is aimed at the novice user of a CMS.
- Shortcut keys: You do not need a mouse to work with W@S. Items are accessible with shorcut keys that are mentioned in the mouseover. Your browsers manual will tell you which keys to press in conjunction with the shortcut keys.
- Yellow status bar: The yellow bar will give status messages, for example:
Data folder (cannot be changed lateron): filename not acceptable: 'grade 8'
Confirmation or error messages will be displayed in this yellow bar. If necessary these messages can be copied and past in e-mail or forum posts for support.
- Pop up windows: Sometimes pop up windows are displayed together with the yellow status bar. They draw your attention and you have to turn them off to proceed. Read them, then click the [OK] button. The pop up messages are also displayed in the yellow status bar to cut and paste them.
- Text markup: Below are the text elements that have s special markup:
- [Enter] or, for example [Alt-N]: To indicate that you can use the keyboard.
index.php
: To indicate a file name.
- Name: The bold underlined character of field titles identfy the keyboard shortcut that can be used to access or modify the item. Your browsers manual will tell you which keys to press in conjunction with the bold underlined character.
- [D] or, for example [P]: In high visibility mode (for blind an dvisually impaired persons) the first one indicates the Trashcan (Delete). The second one indicates the Page preview
icon.
- Private area [ ] Mark ... etcetera: The [ ] in a text indicates a checkbox.
- Add a page or, for example Area: A blue text refers to the same text in a screenshot.
- Add an area, or for example Page Manager: Bold text refers to an item that is visible in a screen shot
(top)
To go the the Account Manager, please click on its icon
to open the Account Manager dialogue:
accountmanager_account_manager_open.png
The opening screen is split in two parts:
- Menu pane: Depending on the task you are performing the clickable links in Menu give acces to several options in the Workspace.
- Workplace pane: Where options can be edited. After opening the Account Manager, a summary of users and groups is shown.
(top)
In this paragraph we add a new user and give her access permissions.
In the Account Manager Menu, click the Úsers link to open the Users dialogue:
accountmanager_account_manager_users.png
The the Úsers link opens the list of all Users. To add a new user, click the Add a user to open the Add a user dialogue:
accountmanager_account_manager_users_add_user.png
Explanation:
- Name: Enter the login name for the new user. The name cannot have spaces.
XXXXXXXXXX NAME PROPERTIES?
- Password: Website@School does not accept simple passwords like 'helen' or 'maria2'. These simple passwords are easy to guess and using them endangers your complete system and the data. Passwords must have certain properties to make them difficult to guess. A Website@School password must:
- have at least a minimum length of 6 (six) characters,
- have at least 1 (one) uppercase character (A-Z).
- have at least 1 (one) lowercase character (a-z).
- have at least 1 (one) digit (0-9)
- preferably have special character like: at-sign '@', hash '#', dollar '$', percentage sign '%', caret '^', ampersand '&', asterisk '*', left parenthesis '(', right parenthesis ')', dash '-', underscore '_', plus '+', equals '=', left curly brace '{', right curly brace '}', opening bracket '[', closing bracket ']', semicolon ';', slash '/', dot '.' and question mark '?'.
It is also a good idea to choose a password of more than 6 characters long. Here is an example.
A good password is 'Mrbh3ws!' (omit the quotes). This password is easy to remember when you know it stands for the sentence: "My red bike has 3 wheels!". However, and that makes it a good password, it's very difficult to guess when you do not know the sentence. This sentence trick is an easy way for pupils to create difficult passwords and remember them.
NOTICE:
When your password does not meet the requirements, you get a warning message and enter an improved password.
- Confirm password: Retype the password.
- Full nmae: The full name of the owner of this account.
- E-mail: Enter the e-mail address of this user. This e-mail address is used when the user has forgotten her password and it's also used for sending her alert messages.
- Active user [ ]Mark this user as active:
- Checked: The user is active and can make use of her account.
- Unchecked: The user is not active and cannot make use of her account. Somtimes a sensible idea for a 'special' pupil.
- Save: To save your results and return to the list of users. The user is added.
- Cancel: To cancel your action and return to the list of users.
After clicking [Save], the user is added:
accountmanager_account_manager_users_user_added.png
The user is added. In the next section we will discuss access permissions.
The user has her own, personal properties such as being 'active', her preferred language, her favorite editor, etcetera. These are her Basic properties.
A user can also have administrative permissions, i.e. do certain management tasks, have access permissions to certain areas or intranets, create pages and texts, etcetera. These are the Admin permisions.
Clicking on a username or its pencil icon, opens the Edit user username (Full Name) dialogue:
accountmanager_account_manager_edit_user-top.png
accountmanager_account_manager_edit_user-bottom.png
Explanation:
- Name: Enter the login name the new user. The name cannot have spaces.
NAME PROPERTIES?
- Password: To renew the password. The old password is not visible. This is a security feature.
- Confirm password: Retype the password.
- Full nmae: The full name of the owner of this account.
- E-mail: Enter the e-mail address of this user. This e-mail address is used when the user has forgotten her password and is used for alerts.
- Acitve user [ ] Mark this user as active:
- Checked: The user is active and can make use of her account.
- Unchecked: The user is not active and cannot make use of her account. Somtimes a sensible idea for a 'special' pupil.
- Redirection (where to go after logout): Specify an Universal Resource Locator (URL) where this user is redirected to after logout. This feature can be useful for users who are only interested in particular areas, sections, etcetera.
- Language: The dropdown menu shows the available languages. Please check for updates for new languages. The language names are shown in their own language.
- Enable text interface [ ] High visibility: This feature is for visually impaired or blind persons and can be used in conjunction with a braille terminal.
- Editor: The dropdown menu gives access to available editors for this user. At this moment the FCK editor and a plain HTML editor are available.
- Data folder (pathname cannot be changed): The folder name uses the user namen and cannot be changed.
- Save: To save your results and return to the list of users.
- Cancel: To cancel your action and return to the list of users.
After saving your work, you return to the list of Users.
To enter the admin permissions dialogue for a user, click on her name or on the pencil icon next to her name. This opens the Eedit user loginname (Full Name) dialogue. In the Menu, select Admin to enter the Administrator permissions: usename (Full Name) dialogue:
accountmanager_account_manager_edit_admin.png
Explanation:
- Guru All permissions: Take care! This is the most dangerous one. If this permission is set, it is not necessary to set any other permission in the list. The user has all permissions.
- Startcenter Basic administrator: This permission is the access to Home, the Start Center. This permission is necessary for all underlaying permissins. Having this option is useful for temporarily blockinng all permissions for a user.
- Manipulate pages and sections Page Manager: Gives access to the page manager and the areas this user has accees permissions for. See below under Page Manager.
- Upload files File Manager: Gives access to the (for this user accessible parts) File Manager.
- Module administration Module Manager: Gives access to the (for this user accessible parts) Module Manager.
- Users and Groups Account Manager: Gives access to the Account Manager.
- Site configuration and area manager Configuration Manager: Gives access to the Configuration Manager.
- Pageveiws and performance Statistics: Gives access to the Statistics.
- Tools Translations:
- Tools Backups:
- Tools Log Viewer:
- Tool Update Manager:
- Save: To save the permissions and return to the basic properties dialogue.
- Cancel: To cancel your action and return to the basic properties dialogue.
Most of the items speak for themselves. When you came here from selecting capacities, click section 4.2 Select Admin permissions for a capacity to return there.
When, in the previoius section, also the Page Manager was selected, this item is added to the Menu of the user:
accountmanager_account_manager_edit_user-top_pagemanager_added.png
In the Menu, select Page Manager to open the Page Manager permissions: username (Full Name) [n-nn of nn] dialogue:
accountmanager_account_manager_edit_pagemanager_expanded_top.png
For the manual, we have expanded Area 1 Exemplum Primary School and its dropdown menu.
Observe the breadcrumb trail, indicating where you are and the Page Manager permissions: janha (Jan Haarman) [1-20 of 26], indicating that the list is longer than shown. That's also visible in the bottom part.
accountmanager_account_manager_edit_pagemanager_expanded_bottom.png
Explanation:
- Realms: In the Page Manager the user permissions for a specific realm, i.e. the areas, its sections, subsections and pages can have a specific role attated to it.
- Roles: A
- --: Null, nothing: this role corresponds to no permissions at all.
- Contentmaster: Only page content can be modified.
- Pagemaster: Page properties and page content can be modified.
- Sectionmaster: Section properties can be modified and subsections and pages can be added.
- Areamaster: Area properties can be modified and top-level sections and pages can be added
- Sitemaster: Site properties can be modified and areas, sections and pages can be added
- Guru: Everything: this role provides all possible permissions, perhaps even more
- Save: To save the permissios and return to the basic properties dialogue.
- Cancel: To cancel your action and return to the basic properties dialogue.
- View: By clicking on
Previous 1 2 Next All, you can navigate in the lists.
accountmanager_account_manager_delete_user.png
ADD PICTURE , WHAT IS DELETED
(top)
A group is formed by a collection of users, each with differing permissions. An set of permissions forms a 'capacity'. Capacities can be given to the menbers of the group. In one group one member can have one capacity. The maximum number of capacities per group is 8, selectable from a list of 20 capacities. The names of the capacities can be changed according to your needs, see chapter Tools paragraph Small language adaptions.
A practical example to illustrate this. A group can be the pupils of grade 8 and their part time teachers. Together they run the Grade 8 area.
The pupils have permissions to add/delete content on their pages, one of the teachers can create pages and sections while the other is the 'webmaster' of the Grade 8 area.
Please click the Groups link to enter the Groups dialogue:
accountmanager_account_manager_group_open.png
Clicking the Groups link opens the list of existing groups. Here you can select a group to manage, or create a new group and select capacities for that group.
Clicking the Add a group link opens the Add a new group dialogue.
We will first discuss the top part of this dialogue:
accountmanager_account_manager_group_add_group_top.png
Explanation:
- Name: Enter the name for the new group. NAME PROPERTIES?
- Description: A short description of the group.
- Active group [ ] Mark this group as active:
XXXXXXXXXX geen toegang?
The bottom part of the Add a new group dialogue:
accountmanager_account_manager_group_add_group_bottom.png
Explanation:
- Capacity1 to 8 : Use the dropdown menu to select a capacity from hte list.
- Dropdown menu expanded: The list suggests some capacities. The names can be changed to your needs. See the Tools chapter, section Small language adaptions.
- Save: To save your results and return to the groups list.
- Cancel: To cancel your action and return to the groups list.
After saving, the, group is added to the list in the form of:
group name (Capacity, Capacity)
accountmanager_account_manager_group_added.png
when you have chosen the capacities for a group, you can give each capacity permissions to do their special task. In the list of groups, find the group and click on the capacity you want to give permissions to. You see:
accountmanager_account_manager_group_capacity_overview.png
From the Menu, select Admin:
accountmanager_account_manager_group_capacity_admin.png
Select the permissions you want to give to this capacity. This sublect is already treated in Admin permissions.
NOTICE:
Do not forget to give at least permission on the Startcenter, otherwise no access is given to other permissions.
When also the Page Manager is selected, it becomes visible in the menu after saving your work:
accountmanager_account_manager_group_capacity_admin_added.png
Click the Page Manager link to select its dialogue:
accountmanager_account_manager_group_capacity_page_manager.png
Now the permissions for this capacity on the area, section or page can be set. This action is ealrier desbribed in 3.5 Page Manager permissions.
Now that the permissions for the capacities are set, we can make the user a member of the group and capacity. This is done as follows. Go accounts > all users > select user > Menu: Groups. You see:
accountmanager_account_manager_user_group_memberships.png
Click the Add a group membership link:
accountmanager_account_manager_user_group_add_membership.png
Select, for this user, the right group/capacity and [Save] your work.
accountmanager_account_manager_user_group_membership.png
The user has become a menber of the Newsletter group and has his permissions as Project lead.
An example: How to move Andrew Reese from group 'seniors' to group 'faculty'? Proceed as follows:
- In the Startcenter, select Account Manager.
- In the Account Manager, in the Menu, click Users.
- Select Andrew Reese (andrew) .
- In the Menu, click Groups.
- The list of memberships opens: only 'seniors'.
- Click 'add a group membership'.
- Select the desired group/capacity from the list. Options are 'principal' or 'member'.
- Click [Save].
- Observe the membership list. At this moment its 'faculty' and 'seniors'.
- Click the Trashcan to delete 'seniors'.
- Observe the membership list. At this moment just 'faculty'.
UTIZOEKEN:
XXXXXXXXX
Bij wisselen capacity eerst ontcapacity, dan de niewuwe.
Proceed as follows:
- In the Startcenter, select Account Manager.
- In the Menu, select users.
- In the Menu, select No group(n).
- In Users, select the user.
- In the Menu, select Groups.
- Click the link Add a group membership.
- From the dropdown menu select group/capacity from the list.
- Click [Save].
(top)
No concluding remarks yet.
(top)
EINDE TEXT
Op vergelijkbare wijze kun je iemand alle permissies geven op 1 enkele
node in een bepaalde area, bijv. de MR-node of de OR-node. De
MR-webmaster of OR-webmaster kan dan bijna net zoveel als de
'area'-beheerder met uitzondering van het wijzigen van de
area-gegevens, het toevoegen en verwijderen van een node aan/uit een
area, in totaal dus 9 verschillende permissies (14 - 2 - 3).
Tot slot maak ik op het laagste niveau (de 'content') nog
onderscheid tussen het wijzigen van inhoud en het publiceren
van inhoud. De diepere gedachte daarachter is dat een leerling
prima rechten zou kunnen krijgen om een node te editen, maar
dan alleen in concept. Alleen de leerkracht zou, voor die node,
permissie kunnen krijgen voor publiceren. Voor een 'normale'
pagina met een 'normale' gebruiker, bijv. de guru-webmaster,
geldt natuurlijk dat het wijzigen en publiceren 1 handeling zou
kunnen zijn, net zoals nu.
Author: Dirk Schouten <schoutdi (at) knoware (dot )nl>
Last updated: 2011-02-07