Roles and permissions
Global roles
There are two User Types
Organisational user
Access:
- Published sections
- Published content types
- Search experience
- Directory experience
- All enabled Apps
- Personal feed
- Notifications
- Profile page
- Personal content pages
Create:
- App content
Edit:
- Profile settings
- Account settings
Interact:
- @mention other users
- Comment and reply to comments
Report:
- Comments as inappropriate
- Messages as inappropriate
External user
Access:
- Extranet homepage
- Personal feed
- Personal content page
- Profile page
Edit:
- Profile settings
- Account settings
It’s possible to give external users access to other sections, apps, and experiences, such as profiles and the directory. Here’s what you need to know about extending the external user permissions.
There are eight Management Roles
Webmaster
Access, create and edit:
- All of Administration
- All sections, content types, apps, comments and files
- Search experience
- Directory experience
- All profiles and account settings
- All groups, including secret groups
- Personal content page
Interact:
- @mention other users
- Comment and reply to comments
Report:
- Comments as inappropriate
- Messages as inappropriate
Brand manager
Access and edit:
- Branding in Administration
Includes Colour scheme, Fonts, Footer, Login, Logos, Mobile, Wallpaper, UI Elevation, and Widget branding
Content layout manager
Access, create, edit and delete:
- Templates in Administration
Locations admin
Access, create, edit and delete:
- Locations in Administration
Ideas admin
Access, review, manage and delete:
- Ideas app in Administration
- All ideas created in the Ideas app
- Idea statuses
- Idea categories
- Ideas submission form
- All Ideas admin comments
- You can also export ideas
Queries admin
Access, review, manage and delete:
- Queries app in Administration
- All queries created in the Queries app
- Query statuses
- Query categories
- Queries submission form
- All Queries admin comments
- You can also export queries
Groups manager
Access
- Must be able to access all groups regardless of whether they are a member of the group or not
- Must be able to access the group landing page
- Must be able to access the group landing page dashboard
- Must be able to access the dashboard, members and docs area for each group regardless of whether they are a member of that group or not
- Must be able to access ‘Manage Groups’ page
- Must be able to access In Place Editor / Customise Page feature on groups landing page
- Must be able to access groups category management page at /invotra/admin/app-settings/group-category
Create/Edit/Delete
- Must be able to create post/polls/comments/docs in groups if THEY ARE a member of that group
- Must NOT be able to create post/polls/comments/docs in groups if THEY ARE NOT a member of that group
- Must be able to edit posts/polls/comments/docs in all groups regardless of whether they are a member of the group or not.
- Must be able to delete posts/polls/comments/docs in all groups regardless of whether they are a member of the group or not.
- Must be able to add/edit/delete widgets using In Place Editor / Customise Page feature on groups landing page
- Must be able to access widget settings and style options using In Place Editor / Customise Page feature on groups landing page
- Must be able to add/edit/delete group category taxonomies on the group category management page at /invotra/admin/app-settings/group-category
Brand manager role
Should have access to all pages in Invotra Admin under ‘Branding’
There are ten global Publishing Roles
Section manager
Access, create, edit and delete:
- Any section
- Section members and teams
- ‘Manage sections’ in Administration
Author
- Create all content types
- Change workflow state to ‘Needs review’
- Clone content types
- View unpublished content types
- Edit own content
- Access manage content
Editor
- Create all content types
- Change workflow state to ‘Reviewed’
- Clone content types
- View unpublished content types
- Edit own content
- Edit other users’ content
- Access manage content
Publisher
- Create all content types
- Change workflow state to ‘Published’
- Clone content types
- View unpublished content types
- Edit own content types
- Edit other users’ content types
- Delete any content type
- Edit and delete all files
- Access manage content
- Moderate messages from Message Wall
Moderator
Access, review, manage and delete:
- Comments before they are published
- Comments reported as inappropriate
Content reviewer
- Emailed 31 days before a review date passes
- Emailed 3 days before a review date passes
These emails are also sent to the content owner and author.
Previewer
- Enable and disable preview mode
- View unpublished sections
- View unpublished content types
- View unpublished sections content types displayed in widgets
Section specific previewer
- Enable and disable preview mode
- View unpublished content types for a specific section
Blogger role
What is the role?
- Can create blog posts
- Can edit own blog posts
- Can manage workflow state for own blog post
Cannot:
- Create other content types such as News, Pages etc
- Edit other authored blog posts
- Manage workflow state for other authored blog posts
Who can blogger change authoring info for?
- The blogger role with a Ghostwriter role can change authoring for any blog post
- The blogger role without a Ghostwriter role cannot change authoring for a blog post
Who can blogger change workflow state for?
- The blogger role with a Ghostwriter role can view or change workflow state for any blog post
How to get set up as a blogger
Signed in as ‘admin’:
- Assign role ‘Blogger’ to user via ‘User management’
- Assign role ‘Blogger to user via their profile ‘Account settings’ > ‘Global roles’
Ghostwriter
What is the role?
Blogs
- Can access, create, edit and apply a workflow state for any blog
(They must also have a blogger role)
Content types
- Can access, create, edit and apply a workflow state for a content type
(They must also have one or more content publishing roles)
Comments
- Can access, create and edit comments
Who can Ghostwriter change authoring info for?
- Can change authoring information for users with/without publishing roles
- Can change authoring information for users with/without blogger roles
- Can change authoring information for users who can post comments
Who can Ghostwriter change workflow state for?
- Can change workflow state for content
- Can change workflow state for blogs
How to get set up as a Ghostwriter?
Signed in as ‘admin’:
- Assign role ‘Ghostwriter to user via their profile ‘Account settings’ > ‘Global roles’
- Assign role ‘Ghostwriter’ to user via ‘User management’
Blogger with Ghostwriter role
What is the role?
- When a Blogger with a Ghostwriter role has assigned content to another user using the authoring information fields in the right hand side drawer and saved the blog with a workflow state, they should be able to return to the blog and can still edit the blog content, authoring information and workflow states for that blog.
- The user which has been assigned the authoring role will be able to access and edit the blog and manage workflow states
How to get set up as a blogger with Ghostwriter role
Signed in as ‘admin’:
- Assign role ‘Ghostwriter to user via their profile ‘Account settings’ > ‘Global roles’
- Assign role ‘Ghostwriter’ to user via ‘User management’
Authors and Editors with the Ghostwriter roles
What is the role?
Author
- This role can create and edit content such as ‘News’ and access authoring information and workflow states when initially creating content.
- Once an Author with a Ghostwriter role has assigned content to another user using the authoring information fields in the right hand side drawer and saved the content with a workflow state, they should be able to return to the content and still be able to edit the content, authoring information and have access to the workflow states for that content.
Editor
- This role can create and edit content such as ‘News’ and access authoring information and workflow states when initially creating content.
- Once an Editor with a Ghostwriter role has assigned content to another user using the authoring information fields in the right hand side drawer and saved the content with a workflow state, they should be able to return to the content and still be able to edit the content, authoring information and change the workflow states for that content.
How to get set up as a author or editor with Ghostwriter role
Signed in as ‘admin’:
- Assign role ‘Ghostwriter to user via their profile ‘Account settings’ > ‘Global roles’
- Assign role ‘Ghostwriter’ to user via ‘User management’
Local roles
There are six local Publishing Roles
Local roles have the same permissions as their namesake global roles, but they are restricted to specific sections. Members, users or teams of users, are added to sections by section managers and given a role.
Section Manager
- Create sections in specific section(s)
- Edit sections in specific section(s)
- Delete sections in specific section(s)
- Manage contributing members and teams in specific section(s)
- Add, edit and delete widgets in specific section(s)
- Add, edit and delete region styles in specific section(s)
- Add, edit and delete widget styles in specific section(s)
- Save templates in Edit Mode in specific section(s)
- Apply templates in Edit Mode in specific section(s)
- Apply layouts in Edit Mode in specific section(s)
- Reset layouts in Edit Mode in specific section(s)
Publisher
- Create all content types and relate specific section(s)
- Edit all content types in specific section(s)
- Delete all content types in specific section(s)
- Clone all content types in specific section(s)
- Access and manage workflow in specific section(s)
- Access and manage revisions in specific section(s)
- Access dashboard (voting) in specific section(s)
- View unpublished content anywhere in specific section(s)
- Apply templates in Edit Mode in specific section(s)
- Access Manage Content and all content types related to specific section(s) in all workflow states
- Access, edit and delete all files related to specific section(s)
When content changes from ‘Needs review’ to ‘Reviewed’ the publisher receives a notification email.
Editor
- Create all content types which are automatically related to specific section(s)
- Edit content types related to specific section(s)
- Clone all content types related to specific section(s)
- View unpublished content types to specific section(s)
- Access and manage workflow states up to ‘Reviewed’ in content types related to specific section(s)
- Access revisions for their all content in content types related to specific section(s)
- Access Manage Content and all content types anywhere in the following workflow states: Draft, Needs Review, Reviewed, including Archived
When content changes from ‘Draft’ to ‘Needs review’ the editor receives a notification email.
Author
- Create all content types, which are automatically related to specific section(s)
- Edit their own content types related to specific section(s)
- Clone all content types related to specific section(s)
- View their own unpublished content types related to specific section(s)
- Access and manage workflow states up to ‘Needs review’ anywhere
- Access revisions for their own content related to specific section(s)
- Access Manage Content and all content types anywhere in the following workflow states: Draft, Needs Review, Reviewed, including Archived
When content is changed back to ‘Draft’ the author receives a notification email.
Moderator
- Manage comments that need review
- Review reported comments
- Delete any comment
- Access unpublished comments, reported comments in Manage Content
Content reviewer
- Receive an email notification when a content type’s review date is 31 days away from passing.
- Receive an email notification when a content type’s review date is 3 days away from passing.
- The same emails are sent to the content type’s owner and author.
Top tip for local publishing team
Try to assign the correct roles to people in your section so they can help you write, edit, review and manage content.
A user can be assigned multiple roles but this should be limited to what is required for them to do their job. It will also make it easier for you to track what they can and can’t do
User roles
Redacted role
Role has no permissions
Read only role
The user CAN:
- Access and edit their profile
- Access all sections and apps (dependent on selected configuration) in a read only capacity
- Like/Rate content
- Submit a poll
- Submit a webform
The user CANNOT:
-
Create nodes e.g Page
-
Create taxonomies e.g tags
-
Create comments
-
Create files