User-Management

User accounts allow people to log into the system. Depending on their role, users have certain privileges. Users that are not logged in will get the role "Guest".

User accounts can be administered in the backend under Users -> Accounts. Each user account can be assigned a default language. When the user logs in, the user-interface (in the admin-backend, for example) will be displayed in that language, if the according translations are available.

When a user is set to inactive, that user can not login anymore.

Roles

Roles determine the privileges that users have in the system, depending on the permissions that are granted to a role. You can create as many roles as you need. The roles "Administrator" and "Guest" exist by default and can not be deleted (they are "locked"). "Administrator" always has all privileges.

Roles can be administered under Users -> Roles.

Permissions

User-actions like accessing content or pages can be controlled with permissions. A permission is a string like "admin.blocks", which would allow a user to administer blocks. Go to Users -> Permissions to see all permissions, grant permissions to roles or create your own permissions.

Be careful when granting permissions to the role "Guest"! All users that are not logged in will have those permissions!

When plugins get installed they can create permissions, if necessary. This is the case, for example, when a plugin introduces a new contenttype. Permissions created by plugins can not be deleted (they are "locked").

Access control

You can use permissions to restrict access to certain elements of Dubsite:

Pages: By protecting pages with permissions you can create password-protected areas. When a user is not allowed to access such a protected page, he/she will be forced to login. This also applies to all sub-pages of a protected page. If more than one permission is assigned to a page, a user must have at least one of those permissions to be allowed to view the page.

Contenttypes: Contenttypes can have two types of permissions: a read- and a write-permission, for example "article.view" and "article.edit" (These names are not mandatory, it could also be "article.read" and "article.write"). You can not manually assign permissions to a contenttype; this is done by the according plugin when it gets installed, but of course you can grant those permissions to roles as you like.

Contents: Single contents can be protected with additional permissions. If you want a special article to be read only by privileged users, you could protect this article with permissions. Other articles could still be read by anyone.

Beyond that, permissions can be used internally by plugins, if access to certain functionality must be restricted.