Guide to advanced permissions in Concrete CMS

Concrete CMS comes with very flexible, granular user permissions. When setting permissions to advanced, we can give users access to edit as much or as little as we want, even down to one block on one page.

However, advanced permissions are fairly involved to set up, which is why I wanted to create a guide to fully cover everything you need to do.

What you need

To get started, you will need access to the "super admin" account.  This is the user account, which your website will start off with, before adding any other accounts.

The super admin is a unique account in that:

• It automatically has permissions to edit everything
• It cannot be deleted
• Normally the websites' developer will keep this account so they can maintain control and administer other user accounts

The super admin account can acces everything, including key settings for enabling advanced permissions, so this is the place to start.

Enable advanced permissions

First of all you need to enable advanced permissions.  This is not reversible, so it's a good idea to do this on a development version of your site or take a backup of the database first before you do so. 

Changes to permissions go live straight away, so be prepared to affect your site in potentially unwanted ways while you get all the settings in place.

1. To enable advanced permissions, type "advanced" into the search and click the result "Advanced Permissions":
   
   
    
2. You'll then see a warning saying "Once enabled, advanced permissions cannot be turned off":
   
   
3. And at the bottom is the button that you will click to "Enable Advanced Permissions":
   
   

You have now enabled Advanced Permissions and need to start setting up your groups, users and their permissions.

Introducing User Groups

Although you can assign permissions to individual users, I prefer to work with groups.  Users can be added/removed from groups very easily as staff come and go.

For example, you have a group for the HR manager in your organisation.  Their only action in the site is to load new jobs to the careers section. 

If you set the permissions on that user and they leave, you will delete that user once they are gone and lose all your permission settings!  So when a new HR manager joins, you'll have to do all the permissions set up again for the newbie.

However, if you have a group called "HR", you can just remove person A from that group and then when person B joins, you can simply add them to the HR group and they'll be good to go.

Check what Groups you already have

Before you can assign the right permissions to a user, you'll want to make sure you have a Group that they can be added to.  This may already exist, so it's best to check for an existing Group that may do what you want.

1. The easiest way to go to your Groups is to enter "group" in the search box and then click "User Groups":
   
   
    
2. You'll then see a list of your existing User Groups:
   
   
    

Create your new Group

If you want to create a new Group, you'll need to decide what you want it to do.  For example, you could have a "Bloggers" group that just has access to write new blog posts.

1. If you are not viewing User Groups, you need to go there first, search "Groups" on the right of the edit bar and click "User Groups":
   
   
    
2. Click the "New Group" icon (top right) on the User Groups page:
   
    
3. You can then name your Group and give it a helpful Description:
   
    
4. There are some more advanced settings here too:
   

 

Add your Group to a User

A Group without users is like a car with no fuel, it's not going anywhere!

To add your new Group to a User, you will need to:

1. Navigate to the Users screen in the CMS:
   
   
    
2.  Click on the user you want to edit:
   
   
    
3. On the User Detail page, scroll down to Groups and click Edit:
   
   
    
4. Then select the Groups that you would like the User to be in:
   
   
   
   Save, then that's all there is to it!
    

Task permissions

Task permissions are a group of permissions responsible for may tasks on the website, such as emptying the sitemap, installing packages etc.

You probably won't want to give all clients this level of access, so we can limit it to Administrators only:

Changing permissions

To change permissions, you click on the items you want to change and choose which users/groups you want to add or exclude from that particular task.  Included users can do that thing, excluded users can not!

First let's edit the "Access Sitemap" permission:

1. Make sure you are viewing Task Permissions, you can use the search in the edit bar:
   
   
    
2. Then in Task Permissions, click on Access Sitemap:
   
   
    
3. We then see the following modal, where we can add users/groups or exclude them:
   
   
    
4. In this example we'll add another group, so we just click Add here:
   
   
    
5. In the popup under Access, you can choose "Group":
   
   
    
6. And then choose the Group that is allowed to perform this task:
   
   
    
7. When we save, we can now see our allowed Groups:
   
   
   
   That's all you do to grant permissions on a page in Concrete CMS!
    

Page Type permissions

This is one I always used to forget about!  You need to amend the permissions on the actual page types themselves.

1. Search "page types" in the CMS search
   
    
2. Then against each page type you will need to set the Permissions:
   
    
3. Then you just need to change the permissions under each action below:
   

User permissions

Next up, search "User Permissions" in the CMS search bar.

On this page, we have some general use and group permissions that we can set for certain tasks:

Set up a Workflow so Administrators

A Workflow is a way of allowing some users to work on the site and then submit their work to a site admin who can then review and approve the work.  So, Administrators can publish pages, but as we say above, Editors can not.

Add the Workflow

First of all we set up a Workflow for a particular scenario.

1. Go to Workflows by searching "Workflows" in the CMS search.
   
    
2. Click "Add Workflow"
   
    
3. Call it "Approve Page" and make sure it is set to be a "Basic Workflow":
   
    
4. Then choose "Add Workflow":
   
    
5. You'll then see a message to confirm your Workflow has been added:
   
   Workflow created successfully. You may now modify its properties.
    

Choose the Group that will Approve/Deny the final step in the Workflow

Normally we will use the Administrator group to Approve/Deny key changes in our site:

Set this as per the change the permissions method above.

Notify Administrators

Next up, we need to set notifications so team members are emailed when something happens in a Workflow that requires their attention.

We need to notify Editors when a page is Approved or Denied and Administrators when a page needs approval.

You can see the permission settings here for the Notifications we need to set:

For each item, change the permissions as per the method we covered before.

You will now receive emails saying a page has been added and needs approving.

Set the Worflow when adding pages

Now we need to set the Workflow when adding pages.  In our example, we'll click on the Home page, to set permissions for all sub pages in our site and choose "Permissions":

Then scroll down and click "Approve Changes":

Then under Approve Changes, choose the "Workflow" tab and make sure your Workflow is ticked.  Then, finally, click "Save":

​​​​​​​

What's next?

Hope this helps, if you have any comments or feedback, feel free to message us or post in the comments below.

Join the discussion

Want to have your say on this topic? Start by posting your comment below...