• KB Home |
• Need Help?

Learning Levels

• Digest
• Concept
• Technical

Announcements

 A Role is a set of a abilities that govern a User's access to a number of different areas in Cascade.  They can be assigned to a User explicitly, to any of the User's Groups, or to a Site to which the User requires access.  Roles are not to be confused with Access Rights which control read and write access to specific assets.

There are two types of Roles in the system: Global and Site.  These two Role types have many abilities in common, but they apply within different contexts.  Global Roles are applicable when in the Global Area and cannot be assigned to Sites.  Site Roles, as you may have guessed, are applicable to Sites.  Site Roles, however, do not control access to tools and areas of the system that are not specific to a particular Site.  For example, access to the publish queue is governed by a User's Global Roles because the publish queue can be accessed from anywhere in the system and is not specific to any particular Site.  

There are five pre-defined Global Roles in Cascade.  They are Contributor, Approver, Publisher, Manager, and Administrator.  More information about these Roles can be found in the Concept section below.

There are no pre-defined Site Roles, but Site Roles (as well as new Global Roles) can be created based on the five pre-defined Global Roles.

Roles are managed in the Security Area (Users, Groups & Roles) which is located in the Global Administration Area.

Site Roles vs. Global Roles

As mentioned in the Digest section above, there are two types of Roles in Cascade: Site Roles and Global Roles.  Every User and Group in the system must have at least one Global Role but is not required to have any Site Roles.

Both Role types contain sets of abilities that can be toggled on and off; however, the available abilities for each Role type differ slightly.   Specifically, Global Roles contain abilities like "View the publish queue" and "Edit system preferences" which refer to areas of Cascade that are not specific to any Site. Abilities that can be toggled in both Global and Site Roles are items like "Access Asset Factories" because the Global Area and Sites have their own collection of Asset Factories that can be managed on a per Site basis.  

Site Roles are managed in the Security Area, together with Global Roles, and can be applied to multiple Sites for different Users and Groups on each Site.  So, it is possible to create a single "Site Contributor" Role that is applied to one collection of Users and Groups on Site A but is also applied to a different collection of Users and Groups on Site B.  This prevents Administrators from having to duplicate Site Roles in order to apply them to different Sites.

Global Roles can only be assigned to Users and Groups.

Effective Role

In order to figure out whether or not a User has access to an area in the system, Cascade must first determine the User's effective Role which includes all of that User's abilities across all of his or her Roles in a particular context. The context being either a Site or the Global area.

A User's effective Global Role is determined by taking all of the Roles assigned to the User's Groups and all of the Roles assigned to the User directly and "summing" them. For example, if a User is assigned the Contributor Role and the User's Group is assigned the Manager Role; then the User effectively has all of the abilities in the Contributor Role as well as all of the abilities in the Manager Role when in the Global Area.

A User's effective Site Role is determined a little differently, because Site Roles are assigned to Sites directly. The effective Site Role is also only applicable when in a particular Site. Nevertheless, the same principle of summing the abilities for all of a User's Site Roles still applies (including those Roles that are assigned to the User's Groups).  More information about Site Roles and how they are assigned to a User or Group can be found below in the Technical section "Assigning Site Roles to Users and Groups".

Be aware that while in a Site, Global Roles will still apply for abilities not contained in Site Roles.  As mentioned earlier, access to the publish queue is controlled by Global Roles; therefore, a User's effective Global Role still applies for this ability when inside a Site.

Five Pre-Defined Global Roles

There are five Global Roles in Cascade that exist by default.  Each Role can be edited just like any other Role except for the Administrator Role.  Below is a description of each.

Contributor - The Contributor Role is the most basic pre-defined Role in the system and allows Users to perform the simplest actions within Cascade.  It is meant for Users whose main focus is to contribute content to a website within Cascade.

Approver - The Approver Role grants the same abilities as Contributor, but also allows the User to take part in the Workflow process by granting Approvers the ability to approve or reject content that is moving through Workflow.

Publisher - The Publisher Role is the next step above Approver and grants Users the ability to publish content along with granting all abilities enabled in the Approver and Contributor Roles. 

Manager - The Manager Role is best suited for Users who will be managing entire sites whether they be "sites" in the Global Area or actual Site objects in the system.  Managers are granted access to the Administration area and the components contained within.  

Because the Manager Role is a Global Role, it cannot be applied to Sites; however, it is possible to create a Site Role with nearly the same abilities as the Global Manager Role that can be applied to Sites.  

Administrator - The Administrator Role grants Users unrestricted access to everything in the system and should be used sparingly.  It is primarily suited for Users who administer the system itself and not for Users who contribute or manage content.

For a complete listing of each ability granted to the five pre-defined Roles, please see the Default Abilities Matrix.

Creating Roles

To create a Role:

1. While in the Security Area (in the Global Administration Area), click the "New Role" link on the left-hand side (If you do not see a "New Role" link, that means you do not have the ability to create Roles).
2. On the Role Type selection screen, choose either "Global" or "Site" and then Submit.
3. On the following screen, a list of abilities which are broken down by category is displayed (shown below).

4. 

   Toggle checkboxes for abilities you wish to grant Users or Groups using the Role.

5. A drop-down menu is also available which contains a list of the five default Global Roles.  The Role creation screen will be automatically populated with the abilities from any of these Roles when the value of the drop-down is changed.

   

6. Once all desired abilities have been enabled, Submit.

A full listing of available abilities for both Global Roles and Site Roles can be found on our Available Abilities page.

Editing Roles

To edit a Role:

1. Select the Role you wish to edit and then click the "Edit" tab.
2. You can then follow the same steps listed under Creating Roles starting from step 3.

Assigning Global Roles to Users and Groups

To assign a Global Role to a User or Group, follow these steps:

1. In the Security Area, select the User or Group to which Global Roles are to be assigned and click the "Edit" tab.
2. Both the User and Group edit screens contain a multi-select box for assigning Roles.  Select all desired Roles.

3. 

4. Submit.

The Roles multi-select field will contain any Global Roles to which the current User has read access.

Assigning Site Roles to Users and Groups

To assign a Site Role to a particular User or Group in a particular Site, follow these steps:

1. In the Site Management Area, select the Site to which Roles are to be assigned and click the "Edit" tab.
2. On the Roles pane of the Site edit screen, a list of existing Site Roles is displayed (Note: If no Site Roles exist in the system, a warning will be displayed to the User indicating this).  Any Site Roles that have already been assigned to the Site will appear on the right and those that have not been assigned will appear on the left.  Move a Site Role from the list on the left to the list on the right using the green arrows.  This will cause a new section of Users and Groups to appear below the Site Role assignment boxes. 

   

   The User and Group assignment boxes are used to assign Users and Groups to a specific Role.  The name of the Role to which Users and Groups can be assigned is displayed in the heading box above the User and Group assignment select boxes.

   

3. Move the desired User or Group from the left selection box to the right using the green arrow.
4. Submit.

Once a Site Role has been assigned to a particular User or Group for a particular Site, that User or members of that Group will be able to access that Site via the Site dropdown at the top of the screen.  Upon entering the Site, the User or Group's actions will be governed by the abilities granted in the Site Role to which the User or Group is assigned and not the User's Global Roles, with some exceptions.  As stated above, there are some abilities controlled by Global Roles that are not available in Site Roles.  When determining if a User can access, for example, the publish queue; the User's Global Roles must be examined regardless of whether or not the User is currently inside a Site.  Most content level abilities, though, will be governed by the User's Site Roles when the User is in a Site.

Role Audits

Roles, like most other assets in the system can be audited.  Role Audits include all actions made by Users who are assigned a particular Role directly and actions made by Users whose Group(s) are assigned that Role.

Role References

• Available Abilities

Downloads

• user-group-assignment.png

© 2001 - 2010 Hannon Hill Corporation

Site Index | HH Internet | KB Feedback

Contact Us: Online Form | +1.678.904.6900