A review of the mechanics behind Joomla's ACL, then a discussion of how one can leverage a role-based access control system through Joomla to improve the user experience for those managing the website and its content.
Please open the tab below to view my NOTES PER SLIDE.
A CMS has many users: authors, SEO experts, ecommerce, marketing, site managers, etc. Each has different roles and goals for accessing the website. How do we improve the user experience for each of those to help them do their jobs and accomplish their goals? See and learn how we can do better than do-it-yourself tools and using a CMS out-of-the-box.
The issues are presented as challenges to any CMS and web project, and the implemented solutions are demonstrated in Joomla.
2. This is the revised 2014 version of my presentation Role-Based ACL. Many of the slides here have been slightly changed to accommodate annotations. This helps to convey meaning beyond the pictures.
3. My current work is with the iCueProject.com. Here we see the problem of the CMS: it provides only one interface to be used by two different types of users…
4. A better approach is to provide a separate CMS interface to each of the two user types. Actually, we can do better yet and provide personalized user experiences for each user group. The starting point for doing this is the ACL, and setting up the ACL with roles.
5. I’ll start by explaining the ‘mechanics’ of Joomla’s ACL.
13. Groups are the foundation of Joomla's ACL. Each group knows only its own name and which group is its parent. Groups don't know about any other parts of the ACL or of Joomla. Simple. Yet this allows us to create a rich expression of roles through custom hierarchies.
14. Users are connected to the ACL by assigning them to groups. This is the only direct connection they have with the ACL. Each user can be associated with any number of groups, in any combination.
15. Next we look at what I call "resources." These are the other parts of Joomla that connect to the ACL. Technically, these are not part of the ACL; they connect to the ACL system only by referencing it.
16. Currently, permissions are provided only by the site configuration, by components (and their categories/items), and by modules. Menu items and plugins do not implement permissions. Permissions are part of the ACL, but it is the responsibility of the resource to provide a list of "actions" for which the ACL can assign permissions. Unfortunately, in some cases, developers don't do this.
17. Another thing to note… For each resource, the permissions screen automatically presents us with the set of user groups currently held by the ACL. And within each of these user groups is the set of actions that the resource declares. So permissions are always within the context of the resource first, then within each of the groups, and finally (within each group) assigned per action.
18. In contrast to permissions, all resources reference access levels. Also in contrast to permissions, each resource references one and only one access level.
19. Each access level simply defines some set of groups. If a person belongs to any of the groups selected by that access level item, then that person is included by this access item. So for any resource, the ACL evaluates whether the current user is included by that resource's access level. If so, the user has access to the resource. If not, the user does not have access.
20. Note: a better term for this item is access list, as its role is to provide a formula that determines which users are included (having access). These do not confer a "level," and that term is an unfortunate carry-over from the ACL in 1.5.
22. ACL: permissions | personalization
When we think of ACL we probably think "permissions." But "permissions" is just one side of the coin. The other side is "personalization." Next we'll discuss permissions. Later we will talk about personalization.
24. Permissions (& actions)
Permissions are managed by the ACL, but for logical reasons the component is responsible for three things. Let's look at those…
25. Permissions (& actions), point 1
For permissions to apply to a component, that component must declare a list of actions relevant for it and its data. Below you see the traditional/core actions (create, delete, edit, etc.).
26. Permissions (& actions), point 1
But many developers can do better by offering actions specific to the component's type and data. Shown to the left here is the rich set of actions provided by EasyBlog.
27. Permissions (& actions), point 2
The component is responsible for offering ACL at the desired level of granularity: component, category, and item. The ACL cannot force a component to implement permissions, even at the component level. Frustratingly, some developers don't offer any permissions on their extension!
28. Permissions (& actions), point 3: enforce the result
It is the component's responsibility to enforce permissions and to enforce them correctly. The ACL can only respond as to whether or not the current user has permission; the ACL itself cannot enforce the permission.
31. 1. For a particular action; 2. each of the user's groups
The ACL considers each group to which the user belongs. Keep in mind that if a user belongs to a group with a parent, then the ACL assumes the user belongs to each parent group, tracing back to Public. In this example, belonging to B1 also includes user group B.
32. The formula is simple.
FIRST: Consider the permission settings for each group to which the user belongs, without considering where that group falls within the group hierarchy.
33. THEN: Evaluate the set of permission settings (in any order)
• If all the permissions are set to Inherit, the result is deny.
• If at least one permission is Allow but none are Deny, the result is allow.
• If any one of the permissions is Deny, the result is deny, regardless of any other Allows that might be present. A single Deny anywhere results in deny.
34. 1. For a particular action; 2. each of the user's groups; 3. for extension, category, & object
The same applies when we need to include the permissions on categories and objects. Just look at the permission settings of each of the user's groups at each level: component, category, and object.
35. 1. For a particular action; 2. each of the user's groups; 3. for extension, category, & object
Rely on the same formula:
• All Inherits is deny.
• One or more Allow is allow.
• A single Deny cancels all Allows and results in deny.
36. So let's look at permission calculations from a different data model…
37. If the component level is set to Allow and nothing is set on the category or object… All items are allowed. All new items are allowed. All new items in a new category will be allowed.
38. If the component level is not set…
• With Allow on the category: all items are allowed, even new items within this category.
• With nothing set on the category or its items: no items are allowed, and new items will not be allowed.
• With Allow on selected items only: the selected items are allowed, others are not allowed, and new items will not be allowed.
39. When the component is allowed but a Deny is set inside it…
• Deny on the category: all items are denied, even new items within this category.
• Deny on selected items: the denied items are denied, but all other items, and those created later, will be allowed.
• Deny on the category and Allow on an item: all items are denied, even new items within this category. Even an Allow on the item will not undo the Deny on the category.
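The formula from slides 32 to 35, applied to the three scenarios of slides 37 to 39, as a small Python model. This is an added example, not Joomla's own code; the group names B, B1 and Webmaster follow the slides, while the asset names (com_content, a category, two articles) and the rule tables are constructed for the illustration.

```python
"""Model of the permission formula in slides 32 to 35, applied to the
scenarios in slides 37 to 39.

Added illustration, not Joomla's own code. Group names B, B1 and Webmaster
follow the slides; the asset names and the rule tables are constructed.
Each group holds Allow, Deny or Inherit (absent) for an action at each
asset level (component, category, item).
"""

ALLOW, DENY = "allow", "deny"   # an absent entry means Inherit

# Constructed group tree: child -> parent, ending at Public (slide 31).
GROUP_PARENT = {
    "Public": None,
    "B": "Public",
    "B1": "B",
    "Webmaster": "Public",
}

# Constructed asset tree: asset -> parent asset, ending at the component.
ASSET_PARENT = {
    "com_content": None,
    "com_content.category.7": "com_content",
    "com_content.article.42": "com_content.category.7",
    "com_content.article.43": "com_content.category.7",
}


def ancestors(node, parent_map):
    """node plus every parent up to the root: B1 also includes B and Public."""
    chain = []
    while node is not None:
        chain.append(node)
        node = parent_map[node]
    return chain


def check(user_groups, action, asset, rules):
    """Evaluate one action on one asset for a user.

    rules: {asset: {action: {group: ALLOW | DENY}}}, i.e. the permission
    screens at component, category and item level; missing entries are
    Inherit. The order of evaluation does not matter (slide 33).
    """
    groups = set()
    for g in user_groups:
        groups.update(ancestors(g, GROUP_PARENT))
    settings = []
    for level in ancestors(asset, ASSET_PARENT):   # item, category, component
        per_group = rules.get(level, {}).get(action, {})
        settings.extend(v for g, v in per_group.items() if g in groups)
    if DENY in settings:          # a single Deny anywhere results in deny
        return False
    return ALLOW in settings      # one or more Allow is allow; all Inherit is deny


# Slide 37: Allow at the component, nothing on category or item.
SLIDE_37 = {"com_content": {"core.edit": {"B": ALLOW}}}

# Slide 38: component not set, Allow on one selected item only.
SLIDE_38 = {"com_content.article.42": {"core.edit": {"B1": ALLOW}}}

# Slide 39: component allowed, Deny on the category, Allow on an item inside it.
SLIDE_39 = {
    "com_content": {"core.edit": {"B": ALLOW}},
    "com_content.category.7": {"core.edit": {"B1": DENY}},
    "com_content.article.42": {"core.edit": {"B1": ALLOW}},
}


def demo():
    """Outcomes for a user in B1 (and one in Webmaster) across the scenarios."""
    edit = "core.edit"
    return {
        "slide37_item": check(["B1"], edit, "com_content.article.42", SLIDE_37),
        "slide37_other_item": check(["B1"], edit, "com_content.article.43", SLIDE_37),
        "slide38_selected": check(["B1"], edit, "com_content.article.42", SLIDE_38),
        "slide38_other": check(["B1"], edit, "com_content.article.43", SLIDE_38),
        "slide39_item_allow": check(["B1"], edit, "com_content.article.42", SLIDE_39),
        "slide39_sibling": check(["B1"], edit, "com_content.article.43", SLIDE_39),
        "all_inherit": check(["Webmaster"], edit, "com_content.article.42", SLIDE_37),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The tree walk is generic, so the same function covers deeper category nesting than the slides show.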
40. ACL Manager is a great tool for helping you see the results of your ACL settings.
42. RBAC
Users are assigned to one or more roles. The thin lines denote that these connections are easily made or changed. (Diagram: Users, Roles, Permissions.) The ACL rules assign permissions to each role. The thick arrows denote that these do not change often and can demand more technical knowledge to set up.
43. RBAC
Joomla accommodates this. If we treat a user group as a role, then we have what we need to implement role-based access control. Users are assigned to one or more roles. Each role is assigned a set of permissions.
45. 1.5 vs 2.5/3.x
1.5 delivered a totem-pole approach to groups. 2.5 allows for sibling groups.
46. 1.5 vs 2.5/3.x
1.5 has a fixed set of groups. 2.5 allows us to create groups as we need them… and to place them wherever we want within the group hierarchy.
47. 1.5 vs 2.5/3.x
In 1.5 a user belonged to one place on the 'totem pole' of groups. In 2.5 we can assign any user to any combination of groups.
48. 1.5 vs 2.5/3.x
In 1.5 the permissions were pre-assigned and rather fixed for each group. In 2.5 a component can declare the actions, and each action can have its own permission settings. We can set a permission as we want: on whichever actions for whichever groups.
49. 1.5 vs 2.5/3.x
Since 2.5 we can set permissions at the category and object levels.
50. 1.5 vs 2.5/3.x
And the new ACL allows developers to declare a rich set of actions that are specific to the component.
51. 1.5 vs 2.5/3.x
Whereas the old ACL gave us only 3 access levels:
…that imposed levels (no sibling items)
…and that we could not change.
In the new ACL we have real access lists:
…we create as many as we want
…each item is a sibling (no imposed levels)
…we can configure each as we want/need
52. The new ACL offers so much more than the old one did. So why do the 2.5 and 3.x ACL screens look so similar to 1.5!?!
53. 1.5 | 2.5/3.x
The new ACL offers so much more than the old one did. But to help users understand the ACL, the out-of-the-box configuration mimicked what users knew from 1.5. …The unintended consequence is that many 2.5 users maintained their 1.5 mindset about the new ACL. But the new ACL was not meant to be limited to that!
54. 1.5 | 2.5/3.x | role-based
The role-based approach exploits the new features of Joomla's ACL, and it leads us to a different look.
65. What does role-based buy us?
Flexibility, as staff and staff assignments change over time.
66. What does role-based buy us?
Ease of comprehension for business people using the CMS. A staff person does not have to understand ACL and permissions to quickly and easily assign a person to a role.
68. Roles: permissions | personalization
Now it's time to look at the other side of the coin: using roles to reflect personalization of the user's experience with the CMS.
69. Role-Based Joomla!
We can leverage roles to reflect what the user sees when logging in to the backend.
70. County Auditor's dashboard
I built a site for a county that had over 20 departments. Each department was represented by a role (user group). When a staff member logged in, she would see the quick links for the department to which she belonged. Here is what the staff for the Auditor/Treasurer would see.
71. Auditor's department pages
And each link led to a list of items with the filter preset to those of that department's category.
72. Auditor’s JCE settings
The JCE editor was preset so that
its image manager and document
manager would give that user
access only to the directory
dedicated to that department.
A user could not add or delete assets
for any department but his own.
74. County Webmaster’s dashboard
The person who is a site's webmaster
usually holds multiple administrative
roles – including access to site reports.
75. before
after
HikaShop product page
One can use roles to show only the form fields that a user needs to access. This
usually takes a little bit of code in a layout override.
I am developing a tool that allows a site integrator to configure this per role,
without having to code the solution.
77. I first create a base usergroup that grants nothing but
access to the backend. All backend roles will extend
from this.
79. Role-based implies:
Then I create a user group (white) for each role, and an
access level item (red) for each of these role-based user
groups. Each of these access level items includes only
its associated user group.
81. Typically, a role will be associated with only one component.
Set the permissions on this role only for that component and for
that role's user group. Leave all other permissions as Inherited.
82. Create an access level item for
each role. For each of these access
level items, assign it to include only
the corresponding user group.
83. My preference is to prefix
each role-based access level
with a tilde ~. It helps me
navigate the dropdown list
when assigning an access
level.
84. Then I create an admin module
of quick links for each role.
The access level for each of
these modules is set
accordingly.
85. The admin template uses module
positions, so identify the position
to use for each of your role-based
admin modules.
86. As a result, one sees only the
quick links modules for the roles
to which she is assigned.
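The setup in slides 77 to 86 can be checked against a small model of how Joomla 2.5/3.x actually evaluates it. The Python below is an added example written for this page, not Joomla's code and not the presenter's: it re-implements, from my reading of JAccess, JAccessRules and JUser::authorise, the three rules the role-based layout relies on (a user inherits every group above his own in the group tree; permissions are merged down the asset chain with an explicit Deny beating any Allow below it; an access level is just a set of groups). All group, asset and module names are constructed for illustration. It also shows the caveat the slides leave implicit: a Deny set on the component can never be re-allowed on a category beneath it, which is why the per-role permissions should be set to Allow and everything else left Inherited.

```python
"""Model of Joomla 2.5/3.x ACL semantics for checking a role-based setup.

Added example (not Joomla code). Names below are constructed for the demo.
"""

# Group tree: child -> parent (None = top of the tree).
GROUP_PARENT = {
    "Public": None,
    "Super Users": "Public",
    "Backend": "Public",        # base group: grants nothing but backend login
    "~Auditor": "Backend",      # one role-based group per department
    "~Sheriff": "Backend",
    "~Webmaster": "Backend",
}

# Asset chain: asset -> parent asset, up to the root asset.
ASSET_PARENT = {
    "root.1": None,
    "com_content": "root.1",
    "com_content.category.12": "com_content",   # the Auditor's category
    "com_users": "root.1",
}

# Permission rules: asset -> action -> group -> 1 (Allow) / 0 (Deny).
# A group/action pair that is absent is "Inherited".
RULES = {
    "root.1": {
        "core.admin": {"Super Users": 1},
        "core.login.admin": {"Backend": 1},
    },
    "com_content": {
        "core.create": {"~Auditor": 1, "~Sheriff": 1},
        "core.edit": {"~Auditor": 1, "~Sheriff": 1},
        "core.delete": {"~Sheriff": 0},            # explicit Deny (for the demo)
    },
    "com_content.category.12": {
        # The Sheriff's Allow here is dead: the Deny on com_content wins.
        "core.delete": {"~Auditor": 1, "~Sheriff": 1},
    },
}

# Access (view) levels are sets of groups; admin modules carry one level each.
VIEW_LEVELS = {
    "Public": {"Public"},
    "~Auditor": {"~Auditor"},
    "~Sheriff": {"~Sheriff"},
    "~Webmaster": {"~Webmaster"},
}
MODULES = {
    "Auditor quick links": "~Auditor",
    "Sheriff quick links": "~Sheriff",
    "Site reports": "~Webmaster",
    "Welcome": "Public",
}


def groups_of(user_groups):
    """Every group the user effectively belongs to, ancestors included."""
    seen, stack = set(), list(user_groups)
    while stack:
        g = stack.pop()
        if g not in seen:
            seen.add(g)
            if GROUP_PARENT.get(g):
                stack.append(GROUP_PARENT[g])
    return seen


def merged_rules(asset, action):
    """Merge rules from the root asset down to `asset`; a Deny, once set, is final."""
    chain = []
    while asset:
        chain.append(asset)
        asset = ASSET_PARENT[asset]
    merged = {}
    for a in reversed(chain):                      # root first
        for group, allow in RULES.get(a, {}).get(action, {}).items():
            if merged.get(group) != 0:             # never overwrite a Deny
                merged[group] = allow
    return merged


def allowed(user_groups, action, asset):
    """Equivalent of JUser::authorise: Super Users pass; any Deny on any of the
    user's groups beats an Allow; nothing set at all means not allowed."""
    groups = groups_of(user_groups)
    if any(merged_rules("root.1", "core.admin").get(g) == 1 for g in groups):
        return True
    rules = merged_rules(asset, action)
    result = False
    for g in groups:
        if g in rules:
            if rules[g] == 0:
                return False
            result = True
    return result


def view_levels_of(user_groups):
    """Access levels held: any overlap between the level's groups and the user's."""
    groups = groups_of(user_groups)
    return {lvl for lvl, members in VIEW_LEVELS.items() if members & groups}


def visible_modules(user_groups):
    """Admin modules shown on the dashboard for a user with these groups."""
    levels = view_levels_of(user_groups)
    return sorted(title for title, lvl in MODULES.items() if lvl in levels)


if __name__ == "__main__":
    for who in (["~Auditor"], ["~Sheriff", "~Webmaster"], ["Public"]):
        print(who, "sees", visible_modules(who),
              "| delete in cat 12:", allowed(who, "core.delete", "com_content.category.12"))
```

Running the block prints one line per sample user; the Sheriff's row shows the delete check failing despite the Allow on the category, which is the behaviour to keep in mind when a department manager asks why an Allow "does not work".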
87. assignment
Often overlooked is the important
role of user manager. This itself
should be a role: whoever is
assigned it can change other users'
group memberships, and so holds the
power of your whole ACL in his hands.
As I’ve worked on CMS-based projects over the past few years I’ve come to believe that we should not be giving our end users the same CMS interface that we use to build the site.
I believe we deliver added value when we deliver a CMS experience that is tailored to the needs and capabilities of those who will be maintaining the site and its content.
I realize that for some this is an unconventional approach. But I believe it is the right thing to do.
Groups are related in a tree structure – groups can be independent of other groups. Used to be: arranged linearly as increasing levels, with each group inheriting from the groups below it.
Custom groups can be created and added anywhere within the group hierarchy.
User can belong to multiple groups and any combination of groups
Permissions can be set independently per group.
Permissions can be extended to category and object levels.
We are not bound to just the core actions: Extension developers can create a set of specialized actions that are appropriate for that extension.
We can create and configure access list items however we want.
A year ago I built a county website. The county had about 20 different usergroups for its departments and sub-departments. Each backend user is assigned to a usergroup representing a department. As a result, when that person logs in, he or she sees a list of tasks as you see here. Each task is preset to lead to an item or list of items filtered to that department.
How does this improve workflow? The user sees only those few links relevant to his/her role. And the user does not have to navigate through filters each time to find the content to edit. Security is included, of course. But the use of department-specific usergroups improves usability and streamlines the user’s workflow.
Here is an example of the list of articles that the auditor reaches when clicking to see a list of department pages. Prefiltered to show just that department’s pages, and every new item is preset to that department’s category.
Even the JCE toolbar is tuned with a profile for each department. For instance, clicking on an insert button (image, document, media), the popup opens to the directory for that department.
Workflow is advanced because the user does not have to navigate to his/her directory, and all items uploaded are automatically uploaded to that department’s directory.
Here is an example of the dashboard for anyone belonging to the Sheriff’s department. In this case, the sheriff’s department includes a couple of sub-departments, so those tasks are grouped accordingly and displayed.
The IT department includes a webmaster and site administrator. We also give this user roles like Security and front page management of announcements, events, and a gallery.
Note that even though this is the webmaster, I didn’t give this user full admin access. They have a super admin account to use in case they need that level of control. But as a webmaster, that user just needs what you see here – nothing is displayed that is not needed.
By overriding the layout file for the HikaShop products page, I was able to significantly reduce the form’s footprint.
This introduces a new discipline into the field of web development.
The first part is discovering what the appropriate user experience is for any given client and the staff managing the site.
The second part is developing the skill and toolset for building this tailored experience.
I acknowledge that this requires extra work from the website developer. But I feel this provides additional value to the client. And in a competitive market, this is an added value that will win business and set your services apart.
In this presentation we will be looking at streamlining workflows, and in the latter minutes I would like to demo some of the tools that help us do that.
Evaluate which buttons the user needs – really needs.
Maybe we give them something simple like this.
---------
On a related note… There is a growing revolution emerging within the fields of content strategy and mobile development. It is a revolt against the idea of giving content managers toolbars for editing content as if it were a Word document. The argument is that content should be separated from form. The end users think they are designing for one platform – the desktop – and as a result the mobile display can suffer – suffer greatly. Not just mobile, but also RSS feeds, and perhaps more. While some tags can help to qualify pieces of content, these should be free of formatting that may need to be rendered differently on different platforms. The movement says we (site developers) need to train our users that editing content on the web is not the same as editing a Word doc. Don’t give our users that idea, and don’t give them the toolbar to treat content that way.
Point here being – we should try to give as few toolbar buttons as we can.