Cmsmadesimple User Management: Roles and Permissions

This section covers user management, roles, and permissions for CMS Made Simple and associated analytics tools.

Overview

CMS Made Simple provides a flexible user management system that allows administrators to control access to the content management system and its various features. The platform uses a group-based permissions model where users are assigned to groups, and groups are granted specific permissions. This approach enables efficient management of user access across multiple users with similar roles.

Understanding user management in CMS Made Simple is essential for maintaining security, ensuring proper content workflow, and protecting your website from unauthorized access or modifications.

Platform User Management

• Roles & Permissions - Understanding user roles
• Adding & Removing Users - User administration

User Roles and Permissions

CMS Made Simple uses a group-based permission system rather than predefined roles. However, typical implementations include:

Administrator Group

• Full access to all CMS features and settings
• Can create, modify, and delete users and groups
• Can install and configure modules and extensions
• Access to system settings and database operations
• Can manage templates and stylesheets
• Full file manager access

Editor Group

• Can create, edit, and publish content pages
• Access to content management features
• Can upload and manage media files
• Cannot modify system settings or user accounts
• Limited or no access to templates and design elements

Author/Contributor Group

• Can create and edit their own content
• Content may require approval before publishing
• Limited file upload capabilities
• No access to other users' content
• Cannot modify site structure or settings

Custom Groups

CMS Made Simple allows creation of custom groups with specific permission combinations to match organizational needs.

Accessing User Management

To access user management features in CMS Made Simple:

1. Log in to the CMS Made Simple admin panel
2. Navigate to Extensions > User Management in the admin menu
3. Alternatively, go to Site Admin > Global Settings > User & Groups
4. From here you can manage users, groups, and permissions

The User Management interface provides sections for:

• Users: View, add, edit, and remove user accounts
• Groups: Create and manage user groups
• Permissions: Configure group permissions across different modules
• User Settings: Configure password policies and login requirements

Adding and Inviting Users

Creating New Users

1. Navigate to Extensions > User Management > Users
2. Click Add New User
3. Enter required information:
   • Username (must be unique)
   • Email address
   • First and last name
   • Password (must meet complexity requirements)
4. Assign user to appropriate group(s)
5. Set additional properties:
   • Active status
   • Admin access (if applicable)
   • Home page after login
6. Click Submit to create the user

User Invitation Process

CMS Made Simple does not have a built-in email invitation system. New users must be created manually by administrators, and credentials should be communicated securely:

1. Create the user account as described above
2. Generate a strong initial password
3. Communicate credentials to the user through secure channels (not email)
4. Instruct the user to change their password upon first login
5. Enable the "Force password change on next login" option if available through custom modules

Role Assignment and Management

Assigning Groups to Users

1. Navigate to the user's profile in User Management
2. Select the Groups tab or section
3. Check the boxes for groups the user should belong to
4. Users can belong to multiple groups
5. Permissions are cumulative across all assigned groups
6. Save changes

Modifying Group Permissions

1. Navigate to User Management > Groups
2. Select the group to modify
3. Click on Permissions tab
4. Review and adjust permissions for:
   • Core CMS functions (pages, content, news)
   • File management
   • Module-specific permissions
   • Administrative functions
5. Use permission templates for common configurations
6. Save changes

Permission Inheritance

Permissions in CMS Made Simple are additive. If a user belongs to multiple groups, they receive the combined permissions of all groups. There is no permission denial or subtraction.

Security Recommendations

Authentication Security

1. Strong Password Policy

   • Require minimum 12-character passwords
   • Enforce complexity requirements (uppercase, lowercase, numbers, symbols)
   • Implement password expiration (90 days recommended)
   • Prevent password reuse (store last 5 passwords)

2. Account Security

   • Enable automatic account lockout after failed login attempts
   • Set lockout duration (15-30 minutes recommended)
   • Implement session timeout for inactive users
   • Use HTTPS for all admin panel access

3. Access Control

   • Limit the number of administrator accounts
   • Regularly audit group memberships
   • Remove inactive user accounts promptly
   • Use dedicated accounts (avoid sharing credentials)

Administrative Safeguards

1. Backup Admin Account

   • Maintain a separate "emergency" admin account
   • Store credentials in secure password manager
   • Only use for account recovery situations
   • Disable when not needed

2. Two-Factor Authentication

   • Consider implementing 2FA through third-party modules
   • Require 2FA for all administrator accounts
   • Provide backup authentication methods

3. IP Restrictions

   • Limit admin panel access to specific IP addresses when possible
   • Use .htaccess rules for additional protection
   • Implement VPN requirements for remote access

4. Activity Monitoring

   • Enable admin action logging
   • Review logs regularly for suspicious activity
   • Monitor failed login attempts
   • Track content changes and user actions

Common Issues and Solutions

Users Cannot Login

Symptoms: Valid credentials rejected, account appears active

Solutions:

• Verify account status is set to "Active"
• Check if account is locked due to failed login attempts
• Confirm password hasn't expired
• Clear browser cache and cookies
• Verify database connection is functioning
• Check for conflicting authentication modules

Missing Permissions

Symptoms: Users cannot access features they should have

Solutions:

• Verify user is assigned to correct group(s)
• Check group permissions configuration
• Confirm module permissions are properly set
• Clear CMS cache after permission changes
• Review permission inheritance across multiple groups
• Check for module-specific permission requirements

Password Reset Issues

Symptoms: Password reset emails not received

Solutions:

• Verify mail server configuration in CMS settings
• Check spam/junk folders
• Test email functionality with test message
• Manually reset password from admin panel
• Verify email address is correct in user profile
• Check server mail logs for errors

Group Permission Conflicts

Symptoms: Unexpected access or denial of features

Solutions:

• Review all groups the user belongs to
• Remember permissions are cumulative
• Remove user from unnecessary groups
• Create specific groups for unique permission needs
• Document group purposes and permissions

Analytics Tool Access

Google Analytics 4

Manage GA4 access in Admin > Account/Property Access Management:

• Administrator: Full control over account and all properties
• Editor: Can modify configurations and create/edit reports
• Analyst: Can create reports and configure shared assets, no config changes
• Viewer: Read-only access to reports and data

Best practices for GA4 access:

• Assign Viewer role by default
• Grant Editor access only to marketing team members
• Limit Administrator access to 2-3 trusted individuals
• Use Google Groups for team-based access management
• Regularly review and audit user access

Google Tag Manager

Manage GTM access in Admin > User Management:

• Administrator: Full control over container and user management
• Publish: Can publish container changes to production
• Approve: Can approve changes but not publish
• Edit: Can edit tags, triggers, and variables but not approve/publish
• Read: View-only access to container configuration

GTM access workflow:

• Use Read access for stakeholders and analysts
• Grant Edit access to developers and marketers
• Limit Approve access to team leads
• Restrict Publish to 2-3 senior team members
• Implement container versioning and testing procedures

Meta Business Manager

Manage access in Business Settings > People:

• Admin: Full control over Business Manager and all assets
• Employee: Limited access based on assigned assets and roles

Additional Meta pixel and conversion API considerations:

• Assign asset-specific roles rather than full admin access
• Use partner access for agency relationships
• Regularly audit connected accounts and integrations
• Remove access for former employees immediately

Best Practices

User Management Strategy

1. Principle of Least Privilege: Grant minimum required access

   • Start with minimal permissions
   • Add permissions only when needed and justified
   • Review and reduce excessive permissions regularly

2. Regular Access Audits: Review access quarterly or bi-annually

   • Identify and remove inactive accounts
   • Verify group memberships are still appropriate
   • Confirm permission levels match current job roles
   • Document audit findings and actions taken

3. Separate Accounts: Don't share login credentials

   • Create individual accounts for each user
   • Avoid generic "admin" or "webmaster" accounts
   • Use service accounts for automated processes
   • Maintain clear accountability for all actions

4. Document Access: Maintain a record of who has access to what

   • Keep spreadsheet of all user accounts and roles
   • Document purpose for elevated permissions
   • Track when access was granted and by whom
   • Include contact information for each user

Onboarding New Team Members

1. Create account with appropriate group membership
2. Provide CMS training materials and documentation
3. Set up temporary elevated access for initial training
4. Reduce to standard permissions after training period
5. Schedule follow-up review after 30 days

Offboarding Departing Team Members

1. Disable account immediately upon departure
2. Review and transfer ownership of content/pages
3. Change shared passwords or access codes
4. Remove from all external tool access (GA4, GTM, etc.)
5. Document the access removal in audit logs
6. Delete account after retention period (30-90 days)

Group Management Strategy

1. Create groups based on job functions, not individuals
2. Limit the number of groups to reduce complexity
3. Document the purpose and permissions of each group
4. Review group permissions when adding new modules
5. Maintain a permission matrix for reference

Content Workflow Management

1. Implement approval workflows for content changes
2. Use staging environments for testing major changes
3. Require peer review for high-visibility content
4. Maintain version control and backups
5. Document content governance policies

By implementing these user management practices, you can maintain a secure, efficient, and well-organized CMS Made Simple installation while ensuring appropriate access control for your team and analytics tools.