Concrete CMS Roles and Permissions

Configure roles and permissions in Concrete CMS (formerly Concrete5). Covers user groups, task permissions, page-level access control, and advanced...

Concrete CMS uses a flexible group-based permission system. Understanding groups and permissions is essential for secure site management.

How Concrete5 Permissions Work

Group-Based Access Control

Concrete CMS implements a sophisticated permission system:

Group: Collection of users with shared permissions
Permission: Specific capability (view, edit, delete)
Task: Granular permission type (dashboard access, page editing)
User: Can belong to multiple groups (permissions combine)

User → Groups (multiple) → Permissions (cumulative) → Access

Permission Hierarchy

Site
├── Page Permissions (content access)
├── File Permissions (media library)
├── Area Permissions (page sections)
├── Block Permissions (content blocks)
└── Task Permissions (system functions)

Default Groups

Administrators

Purpose: Complete site control

Key Capabilities:

✓ Full page access (create, edit, delete)
✓ File manager (all files)
✓ User management (add, edit, delete users)
✓ Group management
✓ System settings
✓ Dashboard access (all areas)
✓ Theme editing
✓ Package installation
✓ Advanced permissions
✓ Workflow management
✓ Sitemap management
✓ Reports and logs

Use Cases:

Site owner
Lead developer
Technical administrator
System manager

Security: Limit to 1-2 trusted individuals

Editors

Purpose: Content management and editing

Capabilities:

✓ Edit existing pages
✓ Add content blocks
✓ Upload files (with restrictions)
✓ Basic dashboard access
✓ View sitemap
✓ Edit page properties
✗ Delete pages (typically)
✗ User management
✗ System settings
✗ Theme editing
✗ Package management

Typical Permissions:

Page: Edit, edit versions, approve changes
Files: Upload, edit file properties
Dashboard: Content & Files only

Use Cases:

Content managers
Marketing team
Content editors
Regular staff

Authors

Purpose: Content creation with limited editing

Capabilities:

✓ Create draft pages
✓ Edit own pages
✓ Upload files (limited)
✓ Basic content blocks
✗ Publish pages (requires approval)
✗ Edit others' content
✗ Delete pages
✗ System access

Workflow:

Author creates page
Page saved as draft
Editor reviews
Editor publishes

Use Cases:

Blog authors
Contributing writers
Content creators
Guest contributors

Registered Users

Purpose: Authenticated users with minimal access

Capabilities:

✓ View members-only pages
✓ User profile editing
✓ View protected content
✗ Dashboard access
✗ Page editing
✗ File uploads
✗ Administrative functions

Use Cases:

Members
Subscribers
Community members
Authenticated visitors

Guests

Purpose: Unauthenticated site visitors

Capabilities:

✓ View public pages
✗ Dashboard access
✗ Edit anything
✗ View restricted content

Default: All site visitors

Permission Types

Page Permissions

Available permissions:

View Page:

Who can see the page
Default: Guests (public)
Can restrict to specific groups

Edit Page Properties:

Change page name, URL, attributes
Modify page settings
Update meta data

Edit Page Contents:

Add/remove blocks
Edit content
Change layout

Approve Page Changes:

Publish pending versions
Workflow approval
Version control

Move or Copy Page:

Reorganize sitemap
Duplicate pages
Change parent page

Delete Page:

Remove page from site
Trash page
Permanent deletion (from trash)

Add Subpage:

Create child pages
Expand sitemap
Page hierarchy

Example configuration:

Page: "About Us"
├── View: Guests ✓
├── Edit Properties: Editors ✓
├── Edit Contents: Editors ✓
├── Approve: Administrators ✓
├── Delete: Administrators ✓
└── Add Subpage: Editors ✓

File Permissions

File manager permissions:

View Files:

Browse file manager
See file list
Preview files

Search Files:

Use file search
Filter files
Advanced search

Add Files:

Upload new files
Bulk upload
Import files

Edit File Properties:

Change file name
Update attributes
Modify metadata

Edit File Contents:

Replace file
Edit images
Crop/resize

Delete Files:

Move to trash
Permanent deletion
Bulk delete

File Sets:

Organize files into sets
Manage file collections
Categorize media

Area Permissions

Control page sections:

Edit Area:

Add blocks to area
Remove blocks
Rearrange blocks

Custom permissions per area:

Page: Homepage
├── Main Content Area: Editors ✓
├── Sidebar: Administrators only
└── Footer: Administrators only

Use for:

Protected areas
Sensitive content
Administrative sections

Block Permissions

Individual block control:

Edit Block:

Modify block content
Change block settings
Update block design

Delete Block:

Remove block
Cannot delete if restricted

Example:

Block: Contact Form
├── Edit: Administrators only
└── Delete: Administrators only

Task Permissions

Dashboard and system access:

Access Dashboard:

View dashboard home
Basic dashboard access

Access Sitemap:

View sitemap
Browse page tree

Access File Manager:

Open file manager
Browse files

Add Users:

Create user accounts
Invite users

Manage Users:

Edit user details
Assign groups
Delete users

Manage Groups:

Create groups
Edit permissions
Assign users to groups

Install Packages:

Add functionality
Install themes
Extend system

Manage System Settings:

Site-wide settings
Configuration
Technical settings

Clear Cache:

System maintenance
Performance optimization

View Logs:

Error logs
Activity logs
Security logs

Creating Custom Groups

Create New Group

Dashboard → Members → Groups → Add Group

Configuration:

Basic Settings:

Name: Group identifier
Description: Group purpose
Badge: Visual indicator
Expiration: Auto-remove after time period

Parent Group (optional):

Inherit permissions from parent
Hierarchical structure

Example custom groups:

Content Manager

Purpose: Full content control, no system access

Permissions:

Pages:
├── View all: ✓
├── Edit properties: ✓
├── Edit contents: ✓
├── Add subpages: ✓
├── Move/copy: ✓
├── Delete: ✓
└── Approve changes: ✓

Files:
├── View: ✓
├── Add: ✓
├── Edit properties: ✓
├── Edit contents: ✓
└── Delete: ✓

Tasks:
├── Access dashboard: ✓
├── Access sitemap: ✓
├── Access file manager: ✓
├── Install packages: ✗
├── Manage users: ✗
└── System settings: ✗

Blog Contributor

Purpose: Blog posting only

Permissions:

Pages (Blog section only):
├── View: ✓
├── Add subpages: ✓ (new posts)
├── Edit own pages: ✓
├── Edit others: ✗
├── Delete: ✗
└── Approve: ✗

Files:
├── Upload: ✓ (images only)
├── Edit: ✓ (own files)
└── Delete: ✗

Tasks:
├── Dashboard: ✓ (limited)
└── All else: ✗

SEO Specialist

Purpose: SEO and meta data management

Permissions:

Pages:
├── View all: ✓
├── Edit properties: ✓ (meta data)
├── Edit contents: ✗
└── Page attributes: ✓

Tasks:
├── Sitemap: ✓
├── SEO tools: ✓
├── Reports: ✓
└── Analytics: ✓

Advanced Permission Features

Permission Inheritance

Page inheritance:

Child pages inherit parent permissions by default
Can override per page
Simplifies management

Override inheritance:

Page → Permissions → Advanced Permissions → Override

Example:

Parent: /services (Editors can edit)
└── Child: /services/private-clients
    Override: Administrators only

Workflow Permissions

Approval workflows:

Dashboard → Workflow → Add Workflow

Configuration:

Define workflow steps
Assign approvers
Set notifications
Configure permissions per step

Example workflow:

1. Author creates page (draft)
2. Editor reviews (can edit, cannot publish)
3. Administrator approves (publishes)

Guest Access (Unauthenticated)

Control public access:

Most pages: Allow Guests
Members area: Deny Guests
Login required: Remove Guest permission

Scheduled Permissions

Time-based access (via add-ons):

Grant temporary access
Expiration dates
Auto-revoke permissions

Example:

User: temp-contractor
Group: Editors
Expires: 2024-12-31
Action: Auto-remove from group

Permission Best Practices

Least Privilege Principle

Grant minimum needed:

Bad:

New intern → Administrators
Reason: "Easier than configuring"

Good:

New intern → Authors
Permissions: Create draft pages only
Review: 30 days
Escalate: If needed

Dangerous Permissions

Restrict carefully:

Install Packages: Code execution risk
Manage Users: Privilege escalation
System Settings: Site breakage
Delete pages: Content loss
File uploads: Malware risk

Mitigation:

Limit to Administrators only
Require workflow approval
Log all uses
Regular audits

Permission Auditing

Monthly review:

List all groups
Review group permissions
Check user group assignments
Identify over-permissioned users
Remove unused groups

Audit script:

$groups = Group::getList();
foreach ($groups as $group) {
    echo "Group: " . $group->getGroupName() . "\n";
    echo "Members: " . count($group->getGroupMemberIDs()) . "\n";
    echo "Permissions: \n";
    // List permissions
}

Troubleshooting

User Can't Access Expected Feature

Debug:

Check group membership
Verify group permissions
Check page-specific permissions
Clear cache
Check logs

Permission Changes Don't Apply

Solutions:

Clear cache (Dashboard → System → Optimization → Cache)
Rebuild sitemap
Check permission inheritance
Log out and back in

Can't Edit Page

Checklist:

User in group with edit permission?
Page permissions allow editing?
Workflow blocking edits?
Page checked out by other user?

Next Steps

Adding & Removing Users - User management
Concrete5 User Management - Overview
Concrete CMS Documentation

शीर्ष पर वापस जाएँ

Concrete CMS Roles and Permissions

How Concrete5 Permissions Work

Group-Based Access Control

Permission Hierarchy

Default Groups

Administrators

Editors

Authors

Registered Users

Guests

Permission Types

Page Permissions

File Permissions

Area Permissions

Block Permissions

Task Permissions

Creating Custom Groups

Create New Group

Content Manager

Blog Contributor

SEO Specialist

Advanced Permission Features

Permission Inheritance

Workflow Permissions

Guest Access (Unauthenticated)

Scheduled Permissions

Permission Best Practices

Least Privilege Principle

Dangerous Permissions

Permission Auditing

Troubleshooting

User Can't Access Expected Feature

Permission Changes Don't Apply

Can't Edit Page

Next Steps

Related Resources