Inside Brightspot: Permissions in 4.0

The Whys

Each week, our Vice President of Product shares an email with the company that’s filled with the background story on why Brightspot’s features are the way they are. It’s not just how Brightspot works but why its features were engineered the way they were. Not one to keep secrets, we’re sharing her insights with you here, in a weekly column called “The Whys.” From creating vanity URLs to knowing the difference between a document and an attachment, these posts answer the questions anyone who publishes digital content has likely pondered.

Now that you understand why we set up permissions in Brightspot 3.0, it’s time for a lesson on the 4.0 permissions system.

1. All / All Except / Only / None

The 3.0 permissions system was built around the idea of giving users access to All / None / Some. We expanded that in 4.0 to make it more flexible.

Brightspot 4.0 permissions settings

Obviously, we kept All and None—those were easy, one-click adds. We expanded Some into two options: Only and All Except. They were basically designed to solve the problem of, "What? I have to unclick (or click) 100 things?!"

Some examples:

  • You have a user group that needs access only to two of 10 sites they run out of their multi-site CMS. Under Sites, add an Only permission and just those two sites.
  • You have a user group that needs access only to Images, Photo Galleries and Tags. Under Types, add an Only permission and those three content types.
  • You have a user group that can have access to everything in the CMS, except for a few sensitive content types (think User Groups and Subscription Licenses). Under Types, add an All Except permission and those sensitive types you don't want them to access.
  • You have a user group that can have access to everything in the CMS, except you don't want them using a "new" content type that the front end isn't quite developed for yet. Under types, add an All Except permission and hide the new content type there.

By adding Only and All Except, we gave admin users a choice about how they approach the creation of roles. This means less clicking, but it also necessitates a little more planning up front before creating a role. You'll want to think about if you are doing an All, an All Except or an Only.

Permissions is probably my favorite feature in Brightspot. The 4.0 permissions system was a labor of love that we spent many a late evening discussing, building and refining. Now that it’s out in the world, we want everyone to love it.

2. Workflow Transitions

We applied the same All / None / Only / All Except capability to the workflow transitions. So now, when you are configuring your Actions per content type, if you want a role to be able to do everything Except publish, or Only to Save/Submit ... it's a much easier "opt-in" sort of path.

Let's say you have a Role who should have access only to Save and Submit. Again, you'd pick an Only permission under the content type, and add Save and Submit. Or, you have a Role who can do all workflow steps, but you don't want them to be able to bulk edit or bulk archive. An All Except setting is going to be your best bet there.

3. Content Types and Tabs

We applied the same All / None / Only / All capability to content types. So, for our user group that needed access only to Images and Galleries, you can select Only, those two content types, and off you go. Let's go into what's included and configurable within the content types a bit more, because there's a lot:

  • Type: The options here are Content Type (same as always: Article, Gallery, Modules, etc.), External Types (Getty Images, AP Images, etc.) and Other Types (for types that don't display in the CMS UI).
  • Form: Remember Content Forms? This is where you associate a Content Form with a Role. So, if you don't want your Photo Editors to see the SEO tab on Images, you would create the Content Form for Images, and then within your role > Content Type > Images > you would associate that Content Form. This solved the problem of the disjointed Tabs. Now you can control whether or not a Tab displays to a particular role using a Content Form associated with that Content Type. (Yes, it's a little more work to configure, but it's also 10x more flexible.) The other benefit you get from Content Forms is that you can control the display of widgets, as well (widgets being things like URLs, Sites, Revision History and Conversations), which you couldn't do at all in the 3.0 permissions system.
  • Read-Only After Publish: We added this specifically at a customer request, and honestly, I question whether anyone will ever use it again. The idea is that this would come in handy if you wanted people to have all sorts of access, but they shouldn't be allowed to change the content again after it goes live for the first time.
  • Actions: These are your workflow actions. You get the All / All Except / Some / None capability.
  • Content: This is where it gets good. You get the same All / All Except / Some / None capability. What you CAN do here is:
  • Let a role see all of a particular content type (let's say a Homepage), but you don't want them to see some top-secret Homepage.
  • Let a role have access ONLY to one specific piece of content. Let's say you have a large newsroom where lead editors maintain their sections. You can give the Entertainment editor access to the Content Type: Section, but Only the Entertainment section, and then you never have to worry about the News and Entertainment editors arguing about who's made updates to whose page.
A Guide to Permissions and Roles Management

About the Author
Meredith Rodkey is VP of Platform Product Management & Solutions at Perfect Sense. She has focused on product management for nearly 10 years, contributing to major Brightspot engagements from U.S. News & World Report to Source Media and Healthgrades. In her previous life, Meredith worked as a homepage editor and writer for AOL.com, curating a daily experience for millions of users.
Everything you need to know about Brightspot is in our product catalog—100+ pages of in-depth detail.