常见的CMS角色和访问级别
[英]Common CMS roles and access levels
问题描述
I am currently writing a CMS and remember someone (it might have been on here) criticise the existing CMS for not having a robust enough user permissions system. 
我目前正在编写CMS并记住有人(可能已经在这里)批评现有的CMS没有足够强大的用户权限系统。 I've got a method planned out but it I feel it has fallen into the usual trap of being a bit too fine-grained which makes understanding and implementing it a horror for end users. 我有一个计划出来的方法,但我觉得它已陷入通常的陷阱,因为它太精细了,这使得理解和实施它对最终用户来说是一种恐怖。
I think having a range of default user roles with permissions would be the answer to this, so I suppose my question is this: 我认为拥有一系列具有权限的默认用户角色就是答案,所以我想我的问题是:
What are the default roles you would like to see in a CMS and what sort of permissions would be associated with these? 您希望在CMS中看到哪些默认角色以及与这些角色相关联的权限类型?
Thanks in advance! 提前致谢!
9 个解决方案
解决方案1
25 已采纳
This is the "best practice" I have ended up with in most projects and am very happy with: 这是我在大多数项目中最终得到的“最佳实践”,我非常满意:
1. Roles 1.角色
When it comes to roles, I recommend great flexibility, ie the ability to create and define user accounts and groups freely (roles like "contributor", "manager" etc. are not hard-coded, but put into a configuration file that can be changed per application) . 谈到角色时,我建议灵活性很高,即能够自由创建和定义用户帐户和组(“贡献者”,“管理员”等角色)不是硬编码的,而是放入可以是的配置文件中。根据申请变更) 。 The role configuration is unaccessible to the user, but the engine itself should be free from hard-coded roles. 角色配置对用户来说是不可访问的,但引擎本身应该没有硬编码角色。
2. Rights 2.权利
Rights is where things need to be easy to understand and implement . 权利是需要易于理解和实施的地方 。
I have made very good experiences working with, and checking against, very fine-grained rights on the code / API level : 我在代码/ API级别上使用并检查了非常细粒度的权限,我已经取得了非常好的经验:
- see 看到
- view 视图
- edit 编辑
- change name 更换名字
- rename 改名
- delete 删除
- move 移动
- change rights 改变权利
- etc. 等等
but the user never sees those . 但用户从未见过这些 。 For them, they are grouped into a very small number of "right groups": 对于他们来说,他们被归为极少数“正确的群体”:
- Read Only 只读
- Edit 编辑
- Administer = Move, rename.... 管理=移动,重命名....
The user never sees the "move" right, but only the "Administer" rights group. 用户永远不会看到“移动”权限,只能看到“管理”权限组。
That way, you retain the full power of fine-grained rights in your code for the future - you can, for example, easily accommodate for a rule like "interns must be able to edit pages, but not be able to change their titles, nor to delete them", adding a valuable asset to the CMS. 这样,您可以在未来的代码中保留细粒度权限的全部功能 - 例如,您可以轻松地适应“实习生必须能够编辑页面但无法更改其标题的规则”,也不删除它们“,向CMS添加有价值的资产。 For the end user, this functionality remains invisible, and the rights system easy to use. 对于最终用户,此功能仍然不可见,并且权限系统易于使用。
解决方案2
18
I asked this question a little bit ago and got the following response. 我刚才问了这个问题并得到了以下回复。
admin //Manage everything
manager //Manage most aspects of the site
editor //Scheduling and managing content
author //Write important content
contributors //Authors with limited rights
moderator //Moderate user content
member //Special user access
subscriber //Paying Average Joe
user //Average Joe
解决方案3
8
Have you researched existing solutions like RBAC ? 您是否研究过RBAC等现有解决方案? Whilst such a system would most likely be complete overkill for the particular nut you're trying to crack it would at least help to boost confidence that you're on the right track. 虽然这样的系统很可能对特定的坚果来说是完全矫枉过正的,但是你试图破解它至少有助于增强你对正确轨道的信心。
That aside, the general roles I'd expect would be along the lines of: 除此之外,我期望的一般角色将是:
Administator - Total control of the system, can view logs (as you should be logging all changes ), etc. plus... 管理员 - 对系统的完全控制,可以查看日志(因为您应该记录所有更改 )等等......
Publisher - Can put content live plus... 发布者 - 可以直播内容加...
Author - Can create content 作者 - 可以创建内容
However, how these roles are applied across the system is where things get tricky, as a specific user would presumably have different rights to different content areas/modules. 但是,如何在整个系统中应用这些角色是一件非常棘手的事情,因为特定用户可能会对不同的内容区域/模块拥有不同的权限。
解决方案4
5
For most applications, so I think it'll be true for CMSs as well, my customers usually prefer a rights-oriented approach. 对于大多数应用程序,我认为对于CMS也是如此,我的客户通常更喜欢以权利为导向的方法。 Here is how it goes : 这是怎么回事:
- You list the main actions. 您列出了主要操作。 In your CMS that would be : Create and edit content; 在您的CMS中,它将是:创建和编辑内容; Delete content; 删除内容; Classify/categorize content; 对内容进行分类/分类; Validate content; 验证内容; Publish content; 发布内容; Manage users; 管理用户; Etc. 等等。
- You define what actions are allowed or denied for each user 您可以定义每个用户允许或拒绝的操作
To make things a little better, you can create several roles (Editor; Administrator) to make typical users creation easier (by pre-filling the form when a role is chosen). 为了使事情变得更好,您可以创建多个角色(编辑器;管理员)以简化典型用户创建(通过在选择角色时预填表单)。
解决方案5
2
I have a custom CMS built on the Zend Framework that uses Zend's ACL to extends some basic roles (so you can deny resources specifically for additional users or allow others to access resources they normally couldn't). 我有一个基于Zend Framework构建的自定义CMS,它使用Zend的ACL来扩展一些基本角色(因此您可以专门为其他用户拒绝资源或允许其他人访问他们通常无法访问的资源)。 My basic roles go from CMS users all the way down to website "members" as follows (I just use one users table to store all my authentication). 我的基本角色从CMS用户一直到网站“成员”如下(我只使用一个用户表来存储我的所有身份验证)。
Developer 开发人员
Edit any content, edit layouts, settings, configuration. 编辑任何内容,编辑布局,设置,配置。 Use special tools that can call shell scripts and force cron jobs. 使用可以调用shell脚本和强制cron作业的特殊工具。
Admin 管理员
Edit any content, edit layouts, settings. 编辑任何内容,编辑布局,设置。
Author 作者
Edit content. 编辑内容。
Member 会员
Can view the login screen, forgot password and bug report. 可以查看登录界面,忘记密码和错误报告。
Now, Zend has a nice ACL implementation so you can easily extends your base ACL class and add new roles that extend from the basic roles. 现在,Zend有一个很好的ACL实现,因此您可以轻松扩展基本ACL类并添加从基本角色扩展的新角色。 So I might make an "Admin" who has access to one of the Developer tools (eg purge or cache management) or lock an author to only be able to manage blogs (and not for example news). 因此,我可以让“管理员”访问其中一个开发人员工具(例如清除或缓存管理)或锁定作者只能管理博客(而不是例如新闻)。
解决方案6
2
I wouldn't necessarily dismiss the fine grained control system you have now. 我不一定会忽略你现在拥有的细粒度控制系统。 If you have one that is adaptable focus on hiding away the complexity by providing a simplified interface (eg use the facade pattern or the adapter pattern). 如果您有一个适应性强调通过提供简化的界面(例如使用外观模式或适配器模式)来隐藏复杂性。 The benefits are that you provide users with the simplified version (simple permissions like 'admin' can 'delete' a 'post') while still retaining the fine grained features should you need them later (eg more complicated permission handling is to allow to delete posts when the post is your own post in category X). 好处是您为用户提供简化版本(简单权限,如'admin'可以'删除''帖子'),同时如果您以后需要它们仍保留细粒度功能(例如,更复杂的权限处理是允许删除帖子是你在X类别中的帖子时的帖子。 Then you can provide an alternative to the simplified version for that need in some places. 然后,您可以在某些地方为该需求提供简化版本的替代方案。
解决方案7
2
Admin : The one with all the rights 管理员 :拥有所有权利的人
Author : The one who has all rights to a specific content (like a blog author who owns the blog), also has the permissions to add/invite users to collaborate/view the content 作者 :对特定内容拥有所有权利的人(如拥有博客的博客作者),也有权添加/邀请用户协作/查看内容
Collaborator : The one who can edit/add content to which the author has given rights, cannot delete the content or invite/add more collaborators 协作者 :可以编辑/添加作者授予权限的内容的人,无法删除内容或邀请/添加更多协作者
Viewer : The one who can view the content if the author has invited to view 查看者 :如果作者邀请查看,则可以查看内容的人
Editors : The one who can approve/edit all types of content 编辑 :可以批准/编辑所有类型内容的人
Having a fine grain control is not a bad idea if you expect advanced users/developers to use the CMS. 如果您希望高级用户/开发人员使用CMS,那么精细控制颗粒并不是一个坏主意。 But for novice CMS managers, the basic roles make the system much more usable. 但对于新手CMS管理员来说,基本角色使系统更加实用。
解决方案8
1
Administrator - can create users + all below 管理员 - 可以在下面创建用户+全部
Editor - can edit posts of others + all below 编辑 - 可以编辑其他人的帖子+以下全部
Author - can write posts, edit own posts 作者 - 可以撰写帖子,编辑自己的帖子
解决方案9
0
Creator - responsible for creating and editing content. 创作者 - 负责创建和编辑内容。
Editor - responsible for tuning the content message and the style of delivery, including translation and localization. 编辑 - 负责调整内容消息和交付方式,包括翻译和本地化。
Publisher - responsible for releasing the content for use. 发布者 - 负责发布内容以供使用。
Administrator - responsible for managing access permissions to folders and files, usually accomplished by assigning access rights to user groups or roles. 管理员 - 负责管理对文件夹和文件的访问权限,通常通过为用户组或角色分配访问权限来完成。
Consumer, viewer or guest - the person who reads or otherwise takes in content after it is published or shared. 消费者,观众或访客 - 在发布或共享内容后阅读或以其他方式接收内容的人。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.