Organizations with multiple schools or subdomains often have distinct groups of admins responsible for different sections of the overall site. Rather than giving all site admins full access to every section, it's possible to allow admins full access to the pages that they maintain and only limited access to pages in other areas.
One way to do this is by editing the Composer Permissions for each site admin group. If your site uses multiple domains, you may want to manage this process using Locations instead.
Site admin groups
First, set up admin groups for each section of the site. Each site administrator must belong to one, and only one, site admin group. Site administrators can edit admin group membership by selecting "Admin Users" from the People menu in the Composer left navigation bar.
When viewing admin groups on the Admin Users screen, click on the the gray arrow button to the right of an admin's name to open a flyout menu where you can move the user to a different admin group, if necessary.
Global Composer permissions
After ensuring that all admins are sorted into the right groups, you can set the access rights for those groups in Composer.
From the Composer main menu, select "Permissions" to edit access levels for each site admin group. Use the dropdown menu in the "Pages" column to set the default level of access for the members of each site admin group.
Limit access to site sections
In Composer, the rights granted on the "Permissions" screen as described above are default rights. They control the level of access for members of each site admin group throughout all Composer pages, site-wide.
Restricting access to site sections is then done by navigating in Composer > Pages to the pages to be restricted and manually adjusting the rights levels for specific site admin groups. This can mean either elevating rights to allow editing, or removing rights to prevent editing.
As a best practice, one top-level site admin group should have full administrative rights. In Composer, the "Admin" permission level includes all view, edit, publish, and delete rights, as well as the right to edit other site admin groups' permission levels. Only top-level administrators should belong to this group.
Other site admins should belong to groups that are specific to the sections of the site that they maintain. These section-specific groups should be given the "View" right on the Composer Permissions screen. This will allow them to access, but not edit, all site pages. ("Not allowed" prevents the group's rights from being adjusted on a page level, so it is necessary to choose "View" or higher.)
Adjust page permissions
To grant editing access to a page or group of pages, navigate to that page (or the parent page) and click the gear icon in the bottom bar to open up the Page Settings.
Select the "Permissions" tab.
As on the Composer > Permissions screen, each site admin group is listed. Use the dropdown menu next to each group to override their default permissions and set a new permission level for this page and all of its child pages.
Note: Permissions set on a parent page will always cascade down to all of its child pages automatically. Child page settings cannot be more restrictive than parent page settings. The only exception to this rule is the "Not Allowed" setting, which can be employed to block editing access to a page entirely for members of the selected admin group.
Adjust branch permissions
It is also possible to apply permissions to an entire branch at once. Click on the three-dot menu next to the branch name in the Pages list and choose Settings.
On the "Permissions" tab, edit the rights for the site admin groups as you would for pages.
Please Sign in to leave a comment if you don't see the comment box below.