Access Settings give you a consistent way to apply security (grant permissions) to folders and objects throughout iMIS: entire websites, individual navigation items, content records, queries, business objects, and the wide array of objects that you can define, import, and store in the Document System.
Access Settings are immensely flexible: they let you tie an object’s permissions to iMIS security roles, security groups, specific users, member types, or your organization’s staff (licensed iMIS users).
Tip: You can meet most of your needs using the preconfigured security sets that ship with iMIS, so become familiar with those.
■ Apply changes to all descendants – (Document System folder objects) Changes to this section, when saved, flow automatically to all descendant definition objects. When cleared, changes to this section apply only to the current definition object.
■ Use a preconfigured security set - Specifies a preconfigured security configuration to use for this definition object, which is the default and preferred way to set permissions for definition objects. You can see the specific permissions that make up the security set in the Make this available to area.
Tip: If a preconfigured security set is close to what you need, select it and then select Make this available to, so that the permissions granted by the security set are copied for you to work from.
■ Make this available to - Lists the roles, groups, users, member types, or authorization levels that may define or view rendered output from this object. If none of the preconfigured security configurations meets your needs, you can set custom permissions here.
The SysAdmin, Content Administrator, and Everyone roles are default system-defined security roles that are assigned to every definition object. The SysAdmin role is assigned in the definition of an iMIS user record, but the Content Administrator role is automatically assigned to every iMIS user who is a member of a content authority group (CAG) that is designated as a Master Admin CAG.
The permissions that can be assigned to each entry in the list are:
□ Full Control - Enables all of the following permissions.
□ Read - Enables users to see this object both in definition windows and as rendered output in websites, but they cannot change the object's definition.
□ Add - Enables users to create new objects, or to paste or import an object into the Document System.
□ Edit - Enables users to edit this object's definition, but not to delete the object.
□ Delete - Enables users to delete this object.
□ Select - Enables users to assign a tag to content folders and content records.
Custom security groups (use sparingly)
You can add/remove specific Roles, Groups, and Users and assign them each a specific set of permissions. Making this type of change to the security for an object results in a new unique AccessKey for the specified Access List permissions.
You can create a custom security group by tweaking a predefined group or building your own from scratch (using the Make available to radio button). While a custom security group offers great flexibility, it jeopardizes performance, because it adds several rows per object. If the security tables get too large (given that they are joined on every query), your system can slow significantly.
Caution! To minimize performance impacts, avoid using custom security groups where their effect multiplies: folders, Navigation items, and all children the same (unless you are using shared security, or it is mission-critical).