Roles and Permissions
Rather than assigning individual permissions directly to each user, permissions are grouped into roles. You can define one or more roles on your site, and then grant permissions to each role.
Each user account on your site is automatically given the Authenticated user role, and may optionally be assigned one or more additional roles. When you assign a role to a user account, the user will have all the permissions of the role when logged in.
It’s a good practice to create several roles on your site.
GovCMS comes with a number of default roles:
  1. 1.
    Content Author
  2. 2.
    Content Approver
  3. 3.
    Site Administrator
To explore available roles, navigate to PeopleRoles.
Hint: When assigning permissions to a role, always give the least permissions necessary. Test permissions beforehand.

User roles analysis

In the case of our new Government Jobs Portal, our site needs three user roles:
  • Job Seeker: Job seekers can’t create any content in the site but can save job applications (webforms) and update their profile.
  • Content Author: These are the agency staff members who’ll be creating content for the website.
  • Content Approver: These are the agency staff members who’ll be approving content for publishing.

Exercise 1.2: Add new roles and users

In this exercise we’ll add our required roles of Job Seeker Content Author and Content Approver, then we’ll add users and assign roles to them.
  1. 1.
    Create a new role 1. Go to People → Roles 2. Add the Job Seeker role (the Content Author and Content Approver roles exist in GovCMS8 out-of-the-box) 3. Reorder the roles with the role with least permissions at the top, and the most permissions at the bottom. 4. Click Save ![A screenshot of a cell phone
    Description automatically generated](../.gitbook/assets/8%20%282%29.png)
  2. 2.
    Add users 1. Go to People 2. Add two test users:
  3. 3.
    testeditor - assign the Content Author role
  4. 4.
    testjobseeker - assign the Job Seeker role
  5. 5.
    Test user roles _**_Lastly, you need to test the new roles by logging in as the test accounts.
  6. 6.
    Option 1: Logout of the superuser user/1 account and log back in again as testeditor or testjobseeker.
  7. 7.
    Option 2: Open another browser and login as one of the test users.

Challenge exercise 1.4: Configure account settings