Security profiles

Manage page security through Security profiles

ThoughtFarmer allows you to manage page security using Security profiles. This allows for specific sets of users to be easily added to the security settings for any page in the Security dialog. On each page you can give permission for individual users or groups of users to View & edit, or View only. If no permissions are given, users will be unaware that a page even exists.

Managing Security Profiles

To manage security profiles, go to the Administration panel > Users & security section > Security profiles page.

Profiles are divided into three subtypes and have different options for configuration. They are:
  • System Profiles
  • Active Directory Mapped Profiles
  • Regular Profiles

System profiles

There are three system profiles in ThoughtFarmer whose membership cannot be edited.

Guests

Contains only the guest user. This is the user that all guests log in as. This profile allows for management of what guests can and cannot access. Guests can never have "View and Edit" access.

Administrators

This profile contains all users that are currently in Admin mode. It is used internally and cannot be managed on a content-by-content basis. All users in the Admin security profile have "View and Edit" access to all content.

All Registered Users

This profile contains all users that actually have a profile in ThoughtFarmer. Whenever a user is created, they are automatically added to this group. The default page security on a blank install gives the owner of a page "View & Edit" permissions and All Registered Users "View only" permissions. Once permissions throughout the site are modified, this will depend on permission inheritance.

Editing security profiles

There is only one configuration option when you click Edit beside a system profile: whether to display the group in the Security dialog box. You are also shown a list of all pages on which the group currently has explicit permissions. Explicit permissions are top-level permissions that have been deliberately applied, as opposed to permissions acquired implicitly through page security inheritance. The list of pages is shown for all profile types.
 

Active Directory mapped profiles

For security profiles to be mapped to Active Directory (AD) groups, AD integration must be enabled on the Login provider (7.1.1) or Active Directory (7.1.0) page. An AD mapped profile shows the name of the security profile followed by the name of the mapped AD group in brackets.

To create a new AD mapped profile, click Add new security profile at the top of the page. Type in a Profile name and select Map members from Active Directory group. Selecting the checkbox Display in security settings allows the new group to be displayed in the security settings dialog for a page. If the AD configuration settings are correct, you should be able to select from a dropdown box with a pre-populated list of all available Security Groups in your Active Directory.

Click Save profile. Once you save the new profile, all members will be imported from the AD membership for that group.

You can edit an existing group by clicking the gear icon under the Action column beside the group, and selecting Edit from the menu that opens. This allows you to change the name, the mapped group, and to toggle the display mode for the Security settings dialog. You can also choose to select members manually. This will keep all current members but the group will become a Regular profile (see below).

On an AD mapped group, clicking the gear icon and selecting Members from the menu shows you the list of current members. For security reasons AD is always considered the master for membership of security groups. You cannot edit membership from ThoughtFarmer. To alter membership you will need to change membership in the correct AD security group and then wait for the daily scheduled tasks to run (if configured), or perform an On-Demand Synchronization. Simply clicking Edit and Save profile on an AD mapped profile will trigger a re-sync with AD membership.

See Active Directory synchronization tasks for 7.1.1 or Active Directory synchronization tasks for 7.1.0 for more information on the above-mentioned synchronization tasks.
 

Regular profiles

Regular profiles can be created the same way as AD mapped profiles except that you choose the option Select members manually when creating them. In this way you can manage membership of these security profiles from ThoughtFarmer. On a regular profile, clicking the gear icon and selecting Members from the menu that opens will take you to a two column dialog box that lets you manually select security profile membership by dragging-and-dropping user names between the two columns. (To select multiple names for drag-and-drop, hold down SHIFT while clicking to select a list of consecutive names. Hold down CTRL while clicking to select multiple non-consecutive names.)
As with an AD mapped profile, you can edit the configuration at any time. However, when you switch a regular profile to an AD mapped profile and save, all previous membership is lost and the security profile then contains the membership of the mapped AD group.