Site Tree Branch Specific Permission

So, you’ve got a farcry site up and running and are pretty proud of yourself. That’s great. Now, your client comes to you and says they want a more complicated group policy set up. The default in farcry is to have Contributors, Publishers and Site Administrators. Contributors get access to create and edit content and must request approval from Publishers and Site Admins. Publishers can create, edit, delete and approve content and don’t really need approval from anyone. Site Admins get access to everything including the Admin and Security tabs which are not often used.

Some clients might want something more complicated than that. For example, let’s say we have a site tree (a big one) and the client has a group of people they want to be contributors for part of the site tree and another group of contributors for another part. By default, a contributor has access to the whole site. So, what do you do? Try creating branch specific permissions. Here’s how you do it…

1. Log in as a site admin (the farcry user will work).
2. Click on the Security Tab
3. We want to create a new group of users who have access to just a certain part of the site so click “Create Group” and follow the prompts
4. Once the group is created, select “Policy” from the dropdown. “User Management” is the default
5. Click “Copy a Policy Group”
6. Select “Contributor” from the dropdown and give your policy group a new name (It helps to name the policy group the same as the user group you just created)
7. Now click “Map Policy Group” on the left
8. Select the user group name and policy group name you just created and click “Map Group”
9. In FC 3.0.2 the permissions do not get assigned to that new group yet. I’m not sure if this is a bug or was intentional but I reported this to Daemon just in case. In order to make sure the permissions actually get copied from the Contributor group, click on “Policy Group Permissions” on the left.
10. Select your new group from the dropdown and click update. You can change individual permissions in the grid below but make sure you know what you are doing before you do it to avoid unwanted problems.
11. Now you have a group and a policy group mapped. The new group now has Contributor permissions
12. Select “User Managment” from the dropdown and either create a new user or Search for an existing user. You need to assign the user to the new group you just created
13. Now, go back to the Site tab. We now need to assign branch specific permissions. In this ficticious example I will assume this group needs to be able to see the site tree but can only create/edit content on one branch within the tree
14. Right Click on Home and select Permissions
15. Select your Policy Group from the dropdown and set all permissions to “No” except View. That one gets set to Yes or Inherit. Inherit will inherit the default permissions and by default everyone can at least view Home.
16. Now, right click on the branch inside of home that this new group needs to be able to edit. Select “Permissions” again.
17. Select your group from the dropdown and change the permissions. For this situation I would set all to No (they should already be there due to inheritance) and set Create, Edit, RequestApproval and View to Yes

Now you’ve created a new policy group that has the same permissions as the Contributor group. You created a new user group and assigned the policy group permissions to it and you added users to this new group. Finally you assigned branch specific permissions for this group. The result is when a user from this group logs in, he/she will be able to see the Home node and all branches therein but will be unable to edit or create content in any node except the one that you assigned those permissions to.