User permission on templates

I think the big idea is to have a better RBAC (role based access control) in Percussion.  Currently you have to take 200 steps to setup rights.  It would be nice if we could setup our roles and then inside that role say what it has access to (templates, assets, pages, etc).

Debbie,

I think in your case I would envision a Role for each site/section like:

“Section A - Contributors”

“Section A - Editors”

“Section B - Contributors”

“Section B - Editors”

If we add Role based support for Templates and Folders wouldn’t that approach solve that issue for you?

-n

I’m not sure what the Section A and Section B would be.  I have one person that is an Editor for one site, but a Contributor for about 8 others.

 

Hi Matt,

Agreed, that is why we are talking through these Role based features.  The feedback is helpful.  Bulk configuration at the role level   is definitely a good idea.   From your perspective is that more important than being able to configure things at the individual object level (Folder, Template, etc)?

The other areas that we are looking at related to this are related to Site Visibility.  So Role based visibility to a site, that could  also affect the Roles that are available to be used on a site etc. 

Cascading Permissions / Permissions inheritance, Deny First versus Allow First approach to security are also related feature requests.  

The way I describe the steps above is taking an Allow First approach, which may not be the right way to go based on click counts - we were thinking of the upgrade scenario more than anything else there. 

-n

I believe it is.   It would be much easier to create a role and then add what that role needs access to.  Then all you have to do is assign that role to each user.  Were as before you have to go to every folder each time you add a new user and give them the rights they need.

I think by default no one should have access to anything and then you gradually give them permissions.

Thanks for the feedback.  The work on assigning Available (Sites, Folders, Widgets, Gadgets, and Templates) on a Role basis is planned to start in the 5.4 release.  We will have an upgrade story that auto adds all objects to all existing roles so that customers aren’t surprised on upgrade.  For new installs / roles created after upgrade / the default will be for a deny first approach.

Wow… 4 years to finally approve this post?