Roles and Permission Sets: Revision 1
Back to Socialtext Documentation.
Socialtext has fine-grained authorization and access control, organized by user roles and permissions for each workspace. Socialtext predefines seven different types of workspace configurations that meet common needs. If you need different configurations, contact your appliance system administrator or, for the Socialtext hosted service, email@example.com
Socialtext implements authorization by user roles. Each user role has a set of activities they are permitted to do (permissions). There are four user roles:
Anyone in the world who has web access to your appliance or the Socialtext hosted service. A guest user is anonymous and unidentified.
Anyone who has registered and obtained a user account on your appliance or, for the Socialtext hosted service, with Socialtext. A user can register by setting a password, setting an optional full name, and replying to a confirmation email. The user only needs to register once for all login-to-edit public workspaces on the appliance or Socialtext hosted service.
A registered user who is an invited member of a workspace. A member must be invited by a workspace administrator.
Workspace administrator (admin)
A member of a workspace who has been granted additional administrator privileges. An admin can delegate to or revoke administrative privileges from other users.
Workspaces and Roles
Each workspace has a set of permissions for each user role. A given user may play a different role in different workspaces. For example, a user can be an admin in one workspace and a guest in another. There are several standard workspace types that have permission sets and configurations to fit different needs. If needed, you can change the permissions of any user role to create custom permissions for a workspace.
Standard Workspace Types
Socialtext provides several different types of workspaces to fit different needs. Private workspaces are common for business use. Private workspaces are accessible only by members of that workspace. Alternatively, you can use public workspaces to share a workspace with others. The predefined workspace types are named by a permission set name. The predefined workspace types are:
By default, all workspaces are private. The workspace can only be accessed by members. By default, anyone can email into the workspace. You can ask your appliance administrator to change the configuration so the workspace accepts emails from authenticated users only, members only, or so that the workspace cannot receive any email. The permission set name for this workspace type is: member-only
Private Login-to-Edit workspace
Any authenticated user on your appliance or, for the Socialtext hosted service, an authenticated user of Socialtext can modify the workspace. However, the workspace remains inaccesible to guest users. The permission set name for this workspace type is: authenticated-user-only
Public Login-to-Edit workspace
The workspace is open to anyone to read. In order to modify the workspace, the user must be registered as an authenticated user. The permission set name for this workspace type is: public-authenticate-to-edit
Public Read-Only workspace
The workspace allows anyone to read the workspace. Only members can modify it. The permission set name for this workspace type is: public-read-only
Public Read-and-Comment-Only workspace
The workspace allows anyone to read the workspace and submit comments on pages. Only members can modify it. The permission set name for this workspace type is: public-comment-only
Fully Public workspace
The workspace is open to anyone to read, comment, or edit. However, guests and authenticated users are not able to do some potentially risky actions such as sending email, uploading files, and deleting pages. The permission set name for this workspace type is: public
The intranet configuration is used most commonly on appliances. The workspace is open to anyone to read, comment, or edit. Guest users have all permissions available to members, including sending email, uploading files, and deleting pages. The permission set name for this workspace type is: intranet
Differences from Socialtext 1.9.4 and earlier
The authenticated user role enables a user to "sign their work" with their name and set personal preferences in public workspaces without needing to be an invited member of a workspace.
It solves a problem in previous versions, where guest users could set preferences which were recorded in a cookie. When the cookie expired, the users were not able to change those preferences.
Back to Socialtext Documentation.