Fork CMS User Management: Roles and Permissions | OpsBlu Docs

Manage user roles, permissions, and team access in Fork CMS — step-by-step admin guide.

This section covers user management, roles, and permissions for Fork CMS and associated analytics tools.

Overview

Fork CMS is an open-source content management system built with Symfony components, designed for ease of use and flexibility. The platform features a straightforward user management system with predefined user groups that control access to various backend modules and functionalities. While simpler than some enterprise CMS platforms, Fork CMS provides sufficient access control for most small to medium-sized websites and applications.

The user management system in Fork CMS is module-based, allowing administrators to grant or restrict access to specific features like Pages, Blog, Media Library, and other modules. Understanding how to properly configure user groups and permissions is essential for maintaining a secure and efficient Fork CMS installation.

Platform User Management

User Roles and Groups

Fork CMS uses user groups to manage permissions:

Administrator Group

  • Full access to all Fork CMS features
  • Can manage users and user groups
  • Access to all modules and settings
  • Can install and configure extensions
  • Database and system maintenance access
  • Complete control over design and templates
  • Can modify application settings

Editor Group

  • Access to content modules (Pages, Blog, FAQ, etc.)
  • Can create, edit, and publish content
  • Media library upload and management
  • Cannot access user management
  • Limited or no access to system settings
  • Cannot modify templates or design
  • No extension installation rights

Custom Groups

Fork CMS allows creation of custom user groups with specific module access permissions tailored to organizational needs.

Accessing User Management

To access user management in Fork CMS:

  1. Log in to the Fork CMS backend (typically at /private)
  2. Navigate to Settings in the top menu
  3. Click on Users to manage user accounts
  4. Or click on Groups to configure user groups and permissions

The user management interface provides:

  • Users: List and manage all backend users
  • User Groups: Configure groups and module permissions
  • Add User: Create new user accounts
  • Edit Permissions: Modify group access levels

Adding and Inviting Users

Creating New Users

  1. Navigate to Settings > Users
  2. Click the Add User button
  3. Fill in required information:
    • Username (unique identifier for login)
    • Password (must meet complexity requirements)
    • Email address
    • Name (full name for display)
    • Active status
  4. Select User Group to assign permissions
  5. Configure additional settings:
    • Interface language
    • Date and time format preferences
    • API access (if applicable)
  6. Click Save to create the user account

User Invitation Process

Fork CMS does not have a built-in invitation system. Follow these steps:

  1. Create the user account with a temporary strong password
  2. Send credentials through secure communication (encrypted email or password manager)
  3. Instruct user to change password upon first login
  4. Consider implementing a custom invitation module to automate the process
  5. Document the new user in access control records

Role Assignment and Management

Assigning Groups to Users

  1. Navigate to Settings > Users
  2. Click on the user to edit
  3. In the edit screen, select the appropriate Group from dropdown
  4. Note: Users can only belong to one group in standard Fork CMS
  5. Save changes to apply new group permissions

Managing Group Permissions

  1. Navigate to Settings > Groups
  2. Create new group or edit existing group
  3. Configure Module Access:
    • Check boxes for modules the group should access
    • Available modules include: Pages, Blog, Media Library, Form Builder, FAQ, Location, Mailmotor, Tags, Users, Extensions, Settings
  4. Set Action Rights for each module:
    • Full access (add, edit, delete)
    • Read-only access
    • No access
  5. Configure Working Languages if multi-language site
  6. Save group configuration

Permission Structure

Fork CMS permissions are straightforward:

  • Module access is binary (yes/no for each module)
  • Within modules, actions can be restricted
  • Users inherit all permissions from their assigned group
  • No permission inheritance across multiple groups
  • Administrators always have full access

Security Recommendations

Authentication Security

  1. Password Requirements

    • Enforce minimum 12-character passwords
    • Require complexity (letters, numbers, symbols)
    • Implement password change on first login
    • Use strong password hashing (default in modern versions)
  2. Access Control

    • Limit administrator accounts to 2-3 trusted individuals
    • Use HTTPS for all backend access
    • Configure session timeout for inactive users
    • Enable automatic logout after inactivity
  3. Backend Protection

    • Change default backend URL from /private
    • Implement IP whitelisting for admin access
    • Use additional .htaccess authentication
    • Monitor failed login attempts
    • Disable unused user accounts promptly
  4. Two-Factor Authentication

    • Consider implementing 2FA through custom module
    • Require 2FA for all administrator accounts
    • Document recovery procedures

System Hardening

  1. File Permissions

    • Restrict write access to necessary directories only
    • Protect configuration files
    • Secure media upload directories
    • Regular security updates
  2. Audit Logging

    • Monitor user actions and changes
    • Review login patterns
    • Track content modifications
    • Document security incidents

Common Issues and Solutions

Users Cannot Login

Symptoms: Valid credentials rejected

Solutions:

  • Verify account is set to "Active"
  • Check password hasn't been mistyped
  • Clear browser cache and cookies
  • Verify database connection is functioning
  • Check for .htaccess blocking rules
  • Ensure backend URL is correct
  • Review error logs for specific issues

Missing Module Access

Symptoms: Users cannot see expected modules

Solutions:

  • Verify user's group has module access enabled
  • Check group permissions configuration
  • Confirm user is in correct group
  • Clear Fork CMS cache
  • Test with administrator account to isolate issue
  • Review custom permission modifications

Cannot Publish Content

Symptoms: Publish button unavailable or errors occur

Solutions:

  • Verify group has publish permissions for module
  • Check required fields are completed
  • Confirm database write permissions
  • Clear cache and retry
  • Review error logs for specific errors

Permission Changes Not Applied

Symptoms: Group permission changes don't take effect

Solutions:

  • Clear all caches (backend and frontend)
  • Verify changes were saved properly
  • Log out and log back in
  • Check for conflicting custom code
  • Verify database updates completed successfully

Analytics Tool Access

Google Analytics 4

Manage GA4 access in Admin > Account/Property Access Management:

  • Administrator: Full control over account and all properties
  • Editor: Can modify configurations and create/edit reports
  • Analyst: Can create reports and configure shared assets
  • Viewer: Read-only access to reports and data

Best practices:

  • Assign Viewer role by default for content editors
  • Grant Editor access to marketing team members
  • Limit Administrator access to 2-3 trusted individuals
  • Regularly review and audit user access
  • Integrate GA4 through Fork CMS analytics settings or template code

Google Tag Manager

Manage GTM access in Admin > User Management:

  • Administrator: Full control over container and user management
  • Publish: Can publish container changes to production
  • Approve: Can approve changes but not publish
  • Edit: Can edit tags, triggers, and variables
  • Read: View-only access to container configuration

GTM workflow:

  • Use Read access for stakeholders
  • Grant Edit access to developers and marketers
  • Limit Publish to 2-3 senior team members
  • Add GTM container code to Fork CMS base template

Meta Business Manager

Manage access in Business Settings > People:

  • Admin: Full control over Business Manager and all assets
  • Employee: Limited access based on assigned assets and roles

Meta pixel considerations:

  • Assign asset-specific roles rather than full admin access
  • Regularly audit connected accounts
  • Remove access for former employees immediately
  • Implement Meta pixel through template or GTM

Best Practices

User Management Strategy

  1. Principle of Least Privilege: Grant minimum required access

    • Start with minimal permissions
    • Add access only when justified
    • Review permissions regularly
    • Document reasons for elevated access
  2. Regular Access Audits: Review access quarterly

    • Identify inactive accounts (90+ days)
    • Verify group assignments match current roles
    • Document audit findings
    • Remove unnecessary access
  3. Separate Accounts: Don't share login credentials

    • Create individual accounts for each team member
    • Avoid generic "admin" accounts
    • Maintain accountability through unique accounts
    • Track who makes what changes
  4. Document Access: Maintain a record of who has access

    • Keep spreadsheet of all users and groups
    • Document purpose for access levels
    • Track when access was granted
    • Include contact information
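
The quarterly audit described above can be scripted against the user spreadsheet. This is an added example, not Fork CMS code: the CSV column names and the sample rows are hypothetical, and the limits (90 days, three administrators, no generic account names) are taken from the recommendations on this page.

```python
import csv
import io
from datetime import date, timedelta

# Constructed export; the column names are hypothetical, not a Fork CMS format.
SAMPLE_EXPORT = """\
username,group,active,last_login
admin,Administrator,1,2024-05-30
j.peeters,Administrator,1,2024-05-28
s.claes,Administrator,1,2024-01-10
m.janssens,Administrator,1,2024-05-29
l.dubois,Editor,1,2023-11-02
t.maes,Editor,0,2023-09-15
n.wouters,Editor,1,
"""

GENERIC_NAMES = {"admin", "administrator", "root", "test", "editor", "webmaster"}


def audit_users(export_text, today, max_admins=3, inactive_days=90):
    """Return a sorted list of (username, finding) tuples for the audit record."""
    cutoff = today - timedelta(days=inactive_days)
    findings, admins = [], []
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["username"].strip()
        if row["active"].strip() != "1":
            continue  # disabled accounts are covered by the offboarding steps
        if row["group"].strip().lower() == "administrator":
            admins.append(name)
        if name.lower() in GENERIC_NAMES:
            findings.append((name, "generic account name, no individual accountability"))
        last = row["last_login"].strip()
        if not last:
            findings.append((name, "active but never logged in"))
        elif date.fromisoformat(last) < cutoff:
            idle = (today - date.fromisoformat(last)).days
            findings.append((name, f"no login for {idle} days"))
    if len(admins) > max_admins:
        note = f"one of {len(admins)} administrators (limit {max_admins})"
        findings.extend((a, note) for a in admins)
    return sorted(findings)
```
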

Group Management

  1. Standardize Groups

    • Create groups by job function
    • Limit total number of groups (3-7 typical for Fork CMS)
    • Document purpose of each group
    • Use descriptive group names
  2. Permission Design

    • Only grant necessary module access
    • Test permissions before deploying
    • Document group permission rationale
    • Review when adding new modules

Onboarding New Team Members

  1. Identify appropriate user group for their role
  2. Create account with standard group assignment
  3. Provide Fork CMS training materials
  4. Set up their interface preferences
  5. Schedule 30-day review of access needs
  6. Adjust permissions based on actual usage

Offboarding Departing Team Members

  1. Disable account immediately upon departure
  2. Transfer content ownership if needed
  3. Change any shared passwords
  4. Remove from external tool access (GA4, GTM, Meta)
  5. Document access removal in audit logs
  6. Delete account after retention period (30-90 days)

Content Workflow

  1. Approval Process

    • Implement review workflow for important content
    • Separate content creation from publishing
    • Require peer review for high-visibility pages
  2. Version Control

    • Use Fork CMS revision history
    • Maintain regular backups
    • Document rollback procedures
    • Train users on reverting changes
  3. Training and Documentation

    • Create role-specific training materials
    • Document common workflows
    • Maintain updated user guides
    • Provide ongoing training for new features

Security Maintenance

  1. Regular Updates

    • Keep Fork CMS updated to latest version
    • Apply security patches promptly
    • Update PHP and server software
    • Monitor security advisories
  2. Backup Procedures

    • Implement automated daily backups
    • Test backup restoration regularly
    • Store backups securely off-site
    • Document recovery procedures
  3. Monitoring

    • Review access logs regularly
    • Monitor for suspicious activity
    • Track failed login attempts
    • Set up security alerts

By implementing these user management practices, you can maintain a secure and well-organized Fork CMS installation while ensuring appropriate access control for your team and analytics tools.