Setting appropriate user permissions right away

[patrickkaleta]

It's easiest to configure the permissions right after certain operations on the platform have been performed. Those operations are mainly:

• creating a new content type
• creating a new Entity browser
• adding new form modes
• adding new user roles
• ...

Reasoning: as administrator you automatically get all the necessary permissions after you (for example) create a new content type, but that is not the case for any other user role (so testing the new feature as administrator does not reveal the lacking permissions!). That's why it's important to make the necessary changes immediately, so that we don't forget about that later.

General rules

In general, all authenticated users should be able to edit/delete their own content (which content types they can actually create needs to be debated!).

Editors should for most parts be able to edit all content, with the exeption of certain content types like the data package (for that only a certain group of people should be able to edit individual data packages - Related issue).

Developers should (especially in the beginning) have more rights than Editors to be able to fix and adapt the system. They also need to be able to create content (even though it most likely won't be valid content) for testing purposes. Those permissions can/should later be revoked.

When in need for help, @DenoBeno , @fgeyer16 and @patrickkaleta can help configuring the right settings.

Keep in mind

Attention: Don't mix up the general user permissions with the Group permissions, which can be set for each group type separately on top of the general user permissions!

Several aspects of the system have not yet been configured or fine-tuned in regards to permissions:

• Entity print engines
• Content revisions