Managing Users

Roles required

Managing users can be done by users with either the Administrator or User Administrator role.

All users can use Single Sign On with their NetID via the Central Authentication System (CAS), so there is no need to have unique usernames and passwords.

How to Add a User

Note: The roles are additive, so most Content Administrators will also need the Content Editor role if they will need to create or edit content.
  1. Log in to your site using the /cas log in procedure.
  2. In the top menu, click on People -> Add CAS User(s)
  3. Type the person's NetID in the CAS username(s) field. You can add as many as you'd like, one NetID per line.
  4. Select the desired Role(s).
  5. Save.
Note: Do not enter full email addresses, only the NetID.

How to Delete a User

It is a good security practice to change a user's access to your site when that user no longer requires it to do their job.

Note: It is recommended that you block a user and remove their roles in order prevent the data loss that would occur by deleting/cancelling that user from your system.
  1. Click on People
  2. Type the person's NetID in the Name or email contains field and press the Filter button.
  3. Click the Edit button that appears to the far right of the user name in the resulting table.
  4. Find the Status radio field and change it from Active to Blocked.
  5. Find the Roles checkbox field and uncheck any roles the user has and no longer needs.
  6. Save.

Roles

The roles available in Quickstart have been carefully crafted to balance the access needed to do your work with the security principle of least privilege.

The following roles are available:

Role Description
Content editor Can create and edit site content
Content administrator Can manage menus, taxonomy terms, and redirects
User administrator Can create new user accounts and assign most roles
HTML administrator Can use the "Full HTML" text format
Administrator Can perform security updates, make customizations, and administer site (developer staff only)

Section Editor Access (Workbench Access Module)

The Workbench Access Module allows you to limit content editors’ access to specific sections of your website.

Quickstart gives you the option to set editor access for different users for different sections of your website. This can be done based on Menus or based on Taxonomy terms. This allows you to restrict editing privileges to various content.

To enable the module, an Admin needs to go to Manage > Extend and search for Workbench Access and install it. 

Important Note: The Workbench Access module, by design, only works with content added to the menu using the "Provide menu link" checkbox from the node edit page. It does not work with links/paths manually added to the navigation (under Structure > Menus). If you do not check the box from the node edit page, users will not be able to edit the content even if you assign them to that section.

To set access permissions:

  1. Go to Manage Configuration > Workflow > Workbench Access
  2. IMPORTANT: Click the Settings button and ensure the box labeled “Deny access to unassigned content” is checked. Without checking this box, the section access settings won’t work!
  3. Click back to Schemes.
  4. Click the Add Access Scheme button. 
  5. Enter a Label and Plural Label for the scheme. 
  6. Under the Access Scheme dropdown select Menu or Taxonomy. 
  7. Save
    • If you choose Menu, a list of Menus and Content Types will appear. Select any menus you wish to modify access to and which content types. 
    • If you choose Taxonomy, a list of Vocabularies will appear. Select any terms from this list you wish to modify access to. 
  8. To modify access for different Editors on different pages, return to the Access Schemes overview page.
  9. In the Operations column on the right, click the Sections button for the Access Scheme you want to edit. 
  10. Click the links under the Editors and Roles columns to assign individual users edit access to specific pages, or give entire roles access to specific pages. 
    • Note that permissions “flow down.” So if you give an editor access to a menu, or sub menu, they will also have access to the items contained within that menu. So it is only necessary to grant access permissions to the highest parent element.