Role Abilities

Overview

Abilities are individual actions that Cascade CMS users are capable of making. Some actions are very basic, like being able to view the Publish Queue. Others - like being able to change the LDAP setup - are a bit more important, but both are controlled by role abilities.

Roles and their abilities apply in two contexts: System and Site. A System Role primarily governs access to administrative, non-content areas of Cascade CMS. For example, the ability to create new sites and groups, users, and roles will fall within the control of a System Role. Essentially, if it doesn't have to do with a Site, it will be a System ability.

A Site Role is assigned specifically to a site and applies to a site only. For example, the ability to publish content or to bypass workflow within a site are only going to apply when the Site Role is assigned to a specific site.

The permissions tables below outline the available System and Site Role abilities.

Note - Abilities are cumulative. When assigning multiple roles to a user, they will inherit all overlapping abilities between those roles.

System Role Abilities

System Abilities

Ability Required Abilities Description
Bypass all permissions checks   Gives read and write access to all assets.

Site Management Abilities

Ability Required Abilities Description
Access the Site Management Area   Ability to access the Site Management area to create edit or delete sites.
Access All Sites   Ability to access the Home area of all sites.
Create Sites   Ability to create new sites.

Administration Area Abilities

Ability Required Abilities Description
Access the Administration Area   Controls who can navigate to the Administration Area. 
Access Users, Groups, and Roles Access the Administration Area *Gives the ability to access Users, Groups, and Roles.
View Information and Logs and Send Support Request in Administration Area Access the Administration Area Gives the ability to view and download system information and logs.
Force logout of users Access the Administration Area Gives the ability to log out other users from the system.
Access/Modify Default WYSIWYG Editor Configuration Access the Administration Area

Allows users to access and update WYSIWYG editor configurations in the Manage Site area for the site. Because there are no individual permissions or containers for editor configurations, users with this ability will have access to all of the site’s editor configurations.

All users who have access to update the site’s settings can choose a default editor configuration, regardless of this ability.

Modify Dictionary Access the Administration Area or Access the Manage Site Area (Site Role)

Allows users to access and edit the System Dictionary.

* Having the ability to access a particular administration area asset does not circumvent access rights applied to assets of that type.

Home Area Abilities

Ability Required Abilities Description
Edit Access Rights   Ability to change access rights to the assets to which the user has write permission by assigning the groups and users that the user has abilities to view.
View the Audits Tab   Ability to view the audits of assets to which the user has read permission.

Tools Abilities

Ability Required Abilities Description
Optimize Database   Ability to use the Database Optimizer tool.
Sync LDAP   Ability to trigger an LDAP synchronization.
Modify Logging   Ability to choose different classes/packages that should be outputting logging information.
Search and Indexing   Ability to access the Searching and Indexing tool.
Modify Configuration Files   Ability to access Custom Authentication Configuration, Image Editor Configuration, Image Editor Licence, LDAP Configuration, Product License and Publish Trigger Configuration.
Broadcast Messages   Ability to create and send system broadcast messages.
Database Export Tool   Ability to use the Database Export Tool.
Edit System Preferences   Ability to access and change General, Email, and Content Preferences.

Security Area Abilities

Ability Required Abilities Description
View users that share groups with current user Access Users, Groups and Roles Ability to view users of the same group as the current user.
View all users Access Users, Groups and Roles Ability to view all users.
Create users Access Users, Groups and Roles, either View all users or View users that share groups with current user Ability to create new users.
Delete users that share groups with current user Access Users, Groups and Roles, either Edit all users or Edit users that share groups with current user Ability to delete users of the same group as the current user and at the same time the current user must be able to edit the user.
Delete all users Access Users, Groups and Roles, either Edit all users or Edit users that share groups with current user Ability to delete any users that the current user is able to edit.
Edit all users Access Users, Groups and Roles, either View all users or View users that share groups with current user Ability to edit any users.
Edit users that share groups with current user Access Users, Groups and Roles, either View all users or View users that share groups with current user Ability to edit users of the same group as the current user.
View groups to which current user belongs Access Users, Groups and Roles Ability to view the current user's groups.
View all groups Access Users, Groups and Roles Ability to view all groups.
Create groups Access Users, Groups and Roles, either View all groups or  View groups to which current user belongs Ability to create new groups.
Delete groups to which current user belongs Access Users, Groups and Roles, either Edit all groups or  Edit groups to which the current user belongs Ability to delete the current user's groups that the current user can edit.
Delete all groups Access Users, Groups and Roles, either Edit all groups or  Edit groups to which the current user belongs Ability to delete any groups that the current user can edit.
Edit all groups Access Users, Groups and Roles, either View all groups or  View groups to which current user belongs Ability to edit any groups.
Edit groups to which the current user belongs Access Users, Groups and Roles, either View all groups or  View groups to which current user belongs Ability to edit the current user's groups.
Access Roles Access Users, Groups and Roles *Ability to view all roles in the system.
Create Roles Access Users, Groups and Roles *Ability to create roles in the system.

* Having the ability to access a particular administration area asset does not circumvent access rights applied to assets of that type.

Site Role Abilities

System Abilities

Ability Required Abilities Description
Bypass all permissions checks   Gives read and write access to all assets in the system.

Administration Area Abilities

Ability Required Abilities Description
Access the Manage Site Area   Ability to access the Manage Site area. 
Access Asset Factories Access the Manage Site Area *Gives the ability to access Asset Factories.
Access Configurations Access the Manage Site Area *Gives the ability to access Configurations.
Access Connectors Access the Manage Site Area *Gives the ability to access Connectors
Access Content Types Access the Manage Site Area *Gives the ability to access Content Types.
Access Data Definitions Access the Manage Site Area *Gives the ability to access Data Definitions.
Access Shared Fields Access the Manage Site Area *Gives the ability to access Shared Fields.
Access Metadata Sets Access the Manage Site Area *Gives the ability to access Metadata Sets.
Access Publish Sets Access the Manage Site Area *Gives the ability to access Publish Sets.
Access Destinations Access the Manage Site Area *Gives the ability to access Destinations.
Access Transports Access the Manage Site Area *Gives the ability to access Transports.
Access Workflow Definitions Access the Manage Site Area *Gives the ability to access Workflow Definitions.
Run Transports and Destination Diagnostic Tests Access the Manage Site Area and access to at least one of these: Transports, Destinations Gives the ability to test Transports and Destinations.
Access/Modify Site's WYSIWYG Editor Configurations Access the Manage Site Area  
Publish Readable Administration Area Assets Access the Manage Site Area and access to at least one of these: Publish Sets, Destinations Ability to publish Administration Area assets (Publish Sets and Destinations) to which the user has read permission.
Publish Writeable Administration Area Assets Access the Manage Site Area and access to at least one of these: Publish Sets, Destinations Ability to publish Administration Area assets (Publish Sets and Destinations) to which the user has write permission.

* Having the ability to access a particular administration asset does not circumvent access rights applied to assets of that type.

Home Area Abilities

Ability Required Abilities Description
Bypass workflow   Ability to bypass workflow when creating, editing, copying and deleting assets.
Assign to self and approve steps in a workflow   Ability to assign workflow steps to the current user and to be assigned to transition steps in a workflow.
Delete workflows   Ability to delete workflow.
Assign workflows to folders   When user has edit access to a folder, they can also assign workflows to that folder.
Upload images in file chooser Bypass workflow When editing an XHTML block or a page with a WYSIWYG editor, ability to upload images through that editor.
Multi-select copy Bypass workflow Ability to copy several assets at the same time.
Multi-select publish Publish either readable or writeable Home Area assets Ability to publish several assets at the same time.
Multi-select move Bypass workflow Ability to move several assets at the same time.
Multi-select delete Bypass workflow Ability to delete several assets at the same time.
Modify outputs on pages   Ability to assign different blocks and formats at the page level when editing a page.
Modify the Content Type of pages   Ability to assign a different Content Type to a page when editing it.
Bypass WYSIWYG editor restrictions   Ability to access restricted elements in the WYSIWYG editor configuration.
Bypass Accessibility, Link and Spell Checks when submitting content changes   Ability to bypass content checks enabled at the system or site level.
Modify Data Definitions of Pages and Blocks   Ability to assign or update a Data Definition assignment in pages and Data Definition blocks.
Move or Rename assets   Ability to move or rename assets.
Publish readable Home area assets   Ability to publish Home area assets to which the user has read permission.
Publish writeable Home area assets   Ability to publish Home area assets to which the user has write permission.
View the publish queue   Ability to view the Publish Queue in a particular site.
Reorder the publish queue View the publish queue Ability to reorder jobs in a site's publish queue.
Cancel publish jobs View the publish queue Ability to cancel jobs in a site's publish queue.
Edit access rights   Ability to change access rights to the assets to which the user has write permission by assigning the groups and users that the user has abilities to view.
View the Versions tab   Ability to view previous versions of assets to which the user has read permissions.
Activate or delete previous asset versions   Ability to activate or delete previous versions of assets to which the user has write permission.
View the Audits tab   Ability to view the audits of assets to which the user has read permission.
Break locks on assets   Ability to break a lock on assets so that the users who were editing the asset previously won't be able to submit their edits and the asset will become available for another user to edit it.
View Asset Factories in New menu even if user does not belong to any of their applicable groups   Ability to see all the site's Asset Factories in the new menu.
Choose Destinations to publish to even if user does not belong to any of their applicable groups Publish either readable or writeable Home area assets Ability to choose any destinations that are applicable for publishing.
Be assigned to and use Workflow Definitions even if user does not belong to any of their applicable groups   Ability to start any workflows that are applicable for the asset.
Notify users by email about stale content   Ability to send email notifications from the Stale Content Report.
Access site-wide broken link report   Ability to access the Broken Links Report.
Mark broken links as fixed on the site-wide broken link report   Ability to mark links as fixed in the Broken Links Report.

Tools Abilities

Ability Required Abilities Description
Zip Archive   Ability to upload and unpack a zip archive.
Bulk Change Bypass workflow Ability to use the Bulk Change tool.
View and Restore only assets the current user deleted   Ability to view and restore assets in the Trash that have been deleted by the current user.
View and Restore all assets in the Trash   Ability to view and restore assets in the Trash that have been deleted by the current user or any other user.
Permanently remove assets from the Trash   Ability to remove assets from the Trash which permanently removes them from the system.