Help

All About Permissions

Basics | Initial Page and Content Permissions | Page and Content Ownership | Implicit Permissions | Permission Groups | Troubleshooting Permissions | Flags

The Basics

The website consists of pages and the contents of pages. Pages and pieces of content have permissions associated with them. The explicit page permissions define:

1. who can delete/change settings on the page (so-called “top-level” permissions). These include:

  • changing the page name and URL
  • changing the page permissions settings
  • changing the page appearance settings
  • copying or moving the page and/or its contents
  • deleting the page
  • reordering the menu of sub-pages

2. who can append a sub-page to the page

3. who can add content to the page

4. who can read the page

Each piece of content has a single permission setting: 

1. who can edit or delete that particular piece of content

Initial Page and Content Permissions

When you create a sub-page on the site, it inherits the explicit permissions of the parent page AT THE MOMENT THE SUB-PAGE IS CREATED. Note that if you later change the permissions of the parent page you do NOT alter the permissions of any sub-pages.

After a page is created, its permissions can only be altered by someone who has top-level permissions on the page. 

Like page permissions, content permissions are set when the content is created. Anyone with top-level permissions or add-content permissions on the page AT THE MOMENT THE CONTENT IS CREATED will be able to edit the newly-created content. Note that if you later alter the top-level or content-adding permissions of the page you do NOT alter the editing permissions of already-existing content.

After content is created, its permissions can only be altered by someone who has permission to edit the content.

Note: If you ever have to alter the permissions on multiple pages and pieces of content (so-called “copying permissions down the tree”), call the Help Desk.

Page and Content Ownership

In addition to the explicit page permissions, each page also has an owner—that person who used their “add sub-page” permissions to create a new page. The owner of a page always has top-level permissions on the page, even if he or she isn’t listed in the explicit page permissions.

Each piece of content also has an owner—the person who added the content. As with page ownership, if you own a piece of content you can always edit and delete it, even if you are not listed explicitly in the content permissions.

Note that only individuals can be page and content owners. Permissions groups (see below) cannot own pages and content.

If you ever need to change the ownership on a large number of pages or pieces of content—such as when an employee leaves the College—call the Help Desk. Only administrators and webmasters can change page or content ownership.

Implicit Page Permissions

If you are the owner or have explicit top-level permissions on a page, you also have add-subpage, add-content, and read permissions even if you are not explicitly listed as having them in the page settings.

If you have add-subpage permissions, you also have read permissions.

If you have add-content permissions, you also have read permissions.

Permission Groups

In addition to individuals, groups can also be assigned permissions on pages and content. A group consists of nothing more than a list of individual users. To see the permission groups, go to www.amherst.edu/groups.

There are two types of groups: Pre-defined and manual.

Pre-defined groups are created and managed using information in Datatel, the College’s administrative database system. For example, the system creates a group for each course (and course section, where applicable), which is then used to control access to the reserved readings page on the course website. As students add and drop the course, the membership of the group—and thus the list of students authorized to view the reserved readings—is updated automatically to reflect these changes. 

Manual groups are created and managed by people. In most cases, such groups are created on request by IT staff members, who then either manage their membership or turn over management to the person who requested the group.

Unlike individuals, groups don’t go away unless you delete them. If you use groups instead of individuals when you assign permissions, you will have a far easier time managing your web pages. For example, when someone leaves the College and their replacement is hired, you’ll only have to change the membership of at most a few permission groups rather than having to change permissions on all the pages and content that the departed person touched during their time here.

Like pages, permission groups have permissions: who can change the group’s settings, append sub-groups, and see group members. (If you don’t have permission to see group members, you won’t be able to use that group on your web pages.) These permissions are inheritable in the same way that page permissions are. What is not inheritable is membership in a group: It doesn’t matter where in the group hierarchy a group lives; its membership consists only of the individuals explicitly listed for that group.

Examining and Troubleshooting Page Permissions

If you have top-level permissions on a page, you can view the permission settings by clicking on the Settings tab.

If you’re having trouble figuring out why a particular individual can’t access a page, click the “Solve permissions issues” link located on the right above the table of permissions. Begin entering the person’s name, last name first, and then select it from the list as the name resolves. You’ll see a table that lists that person’s permissions on every page from the top of the website to the page in question. If you run your mouse over a green checkmark, you’ll learn why the individual has the permissions he or she does have. A red X denotes where the individual is denied permission.

Note that in order to exercise advanced permissions on a page, an individual or group must have at least read permission on every page in the hierarchy from the top page of the website to the page in question.

One common ‘permission’ issue isn’t really about permissions. The system lets you hide pages—i.e., prevent them from appearing in the left-hand menu of pages. In order to see such a page in the menu, a person or group needs either top-level or add-content permissions on the page. Note that someone with read permission only can still access the page if you send them the link—or if they guess the URL. Hiding a page is different from restricting access using read permissions, though these are often used in tandem to keep people out of a page or section while you are developing new content.

Flags

In some cases, the system uses “flags” visible only to administrators and webmasters to fine tune how permissions work on a page. For example, faculty members have top-level permissions on all pages on their course websites, but they are unable to perform some top-level functions on system-generated pages because these pages have a “limit_write” flag set. The flag is used on these pages to keep them from being renamed or deleted, which would break the course website. If you can’t do something on a page where you appear to have all the right permissions, call the Help Desk.