CMS Made Simple Roles & Permissions | OpsBlu Docs

CMS Made Simple Roles & Permissions

CMS Made Simple (CMSMS) permission system -- group-based access control, module permissions, and analytics integration.

CMS Made Simple uses a group-based permission system where users belong to groups, and groups are assigned specific permissions. The permission model is granular, allowing per-module and per-content access control.

Built-in Groups

Group Admin Panel Manage Users Edit Content Manage Templates Manage Modules Site Settings
Admin Yes Yes Yes Yes Yes Yes
Editor Yes No Yes No No No
Designer Yes No No Yes No No

Permission Granularity

Each group can be assigned individual permissions from a list of ~50+ permissions:

  • Manage All Content / Add Pages / Remove Pages
  • Manage Stylesheets / Manage Templates
  • Manage Users / Manage Groups
  • Modify Site Preferences / Manage Tags
  • Per-module permissions (e.g., Use Module: News, Modify Module: FormBuilder)

Permission Matrix

Permission Admin Editor Designer
Modify Site Preferences Yes No No
Manage All Content Yes Yes No
Manage Templates Yes No Yes
Manage Stylesheets Yes No Yes
Manage Users/Groups Yes No No
Use Module: News Yes Yes No
Modify Modules Yes No No

Creating Custom Groups

Navigate to Users & Groups > Groups > Add Group in the admin panel:

// Custom group permissions are stored in the database
// Access via: Admin Panel > Users & Groups > Groups
// Example: Create an "Analytics Manager" group with permissions:
//   - Modify Site Preferences (to add tracking code in global settings)
//   - Manage Templates (to edit head section of templates)
  1. Go to Admin Panel > Users & Groups > Groups
  2. Click Add Group
  3. Name the group (e.g., "Analytics Manager")
  4. Check the required permissions
  5. Click Submit

Analytics-Relevant Permissions

Adding analytics requires either Modify Site Preferences (for Global Content Blocks) or Manage Templates (for template head section):

{* In your template (e.g., master template), add before {/literal}</head> *}
{literal}
<script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());
  gtag('config', 'G-XXXXXXXXXX');
</script>
{/literal}

Best Practices

  1. Create a dedicated "Analytics Manager" group with only template and preferences access
  2. Use the Designer group for front-end developers who need template access
  3. Keep Admin group membership minimal
  4. Use Global Content Blocks for tracking code so editors cannot accidentally remove it
  5. Audit group permissions quarterly via Users & Groups > Groups
Back to top