With concrete5 now supporting group hierarchy, it is important to remember how to use permissions correctly. First some nomenclature:

Groups - these are inclusive containers you put individual accounts into. Take this example:

  • Food Products
    • Veggies
      • Lettuce
      • Carrots
    • Fruit
      • Apples
        • Green
        • Red
      • Oranges


You might place user “Joe” in the Green group under apples. This would mean any time in concrete5 you use “Food Products / Fruit / Apples / Green” as a selector, Joe would come back. It also means using “Food Products / Fruit / Apples” would return Joe, as would “Food Products / Fruit” or just “Food Products”

Task Permissions - These are a type of permission that is used only once in concrete5, typically used for admin setting stuff. If there’s no “for clause” to your permission need this might be the right thing to use:

“Who can change the cache settings?”

(clearly this is “for” the whole site so it makes sense to be a task permission.)

“Who can change the pricing data for this feed”

(NOT a good task permission as it relates to a specific feed. )

Permission - These are types of permissions that are joined to a specific bit of data. You’ve been exposed to them at a page/block area/block level. They also exist against feeds and product types in CDAM.

The key here is to not let the power of group hierarchy confuse architecture decisions around what should be Permissions.


Recent Discussions on this Topic

No responses have been posted yet.