|Research, training, consultancy and software to reduce IT costs|
Sharing your stuff
On the web, it's very easy to share stuff. What's harder is to keep your stuff private, and to only share it with the people you want.
We've taken this to heart at Metrici and built in strong controls on who can access what. The controls are based on a simple principle: everything you create is private until you say otherwise. For example, if you create a website in Metrici, nobody other that you can see the pages until you grant them access.
For a quick overview, look at content sharing in Metrici.
If you want to share your stuff, you need to think about users, permissions and user groups.
When you create an account, a main account user is created. You can create additional users, with their own user ids and passwords, and grant them access to your nodes.
To create additional users, click on the More menu at the top of the page and select the Admin link. This will take you to an admin page, which has sections "About me", "Account administration" and "Systems administration". (Do try out the cool change theme option.)
To create a new user, click on the Users icon and then the New user button. Leave the owning group to default, and fill in the details. Make a note of the password. Metrici stores passwords using strong, one-way encryption, so you can't retrieve a password after it has been set. (This also means there's no way that passwords can be "hacked" from Metrici.)
When you click on Create user, you'll be taken back to the user details page. This has all the options you need to manage the user. You can get back to the details page for a user using the Search option on the Users page.
When you have set up your new user, click on Home and navigate back to the node you want to give the user access to. Click on the More menu, and then Manage permissions. This lets you add permissions for individual users.
Metrici supports many different types of permission. You can read about all of them in the Permissions section of the Metrici development guide. To give someone read access to a node, you need to grant them:
You can use package-level permissions to set permissions across all the nodes in a package. These are like the node-level permissions, but start with "Package". So you can grant Package read all members and Package use draft to let someone read all the pages within a package. Package permissions only set permissions on the nodes directly contained by the package; you will need to grant node-level permissions if you want other people to read the package itself, and further package-level permissions for sub packages.
The principle of everything being private applies to people as well as data. You can't grant access to simply anyone, you can only grant access to people that you are authorised to grant access to.
There's a good reason for this restriction. Most of the time you don't want to make things public. You want to limit access to a group of people or, at most, all the people in your organisation. Within Metrici, you are only authorised to grant access to people in the same account. You can't be tricked into granting other people access; fundamentally the information stays in the organisation.
To make permissions easier to manage, you can group users into user groups, and then grant permissions to the user groups.
To create a user group, go to the Admin page and then User groups, and click on New user group. Give the new user group a reference and name, and optionally a description.
The Use this user group to create new users option lets you create a different sort of user group that you can put new users into, known as an owning user group. This is used when you need different categories of users that you want to keep separate from others. Leave this box blank for now.
Once you have created the user group, you can select users to add to the group. You can return to the user group details page later to add and remove users, to change the group details, or delete the group.
You can use your new group on the permissions page to grant access to all the people in the group. As you add and remove people from the group, their permissions will change.
Sharing with everyone
When you account is created, an account user group is created, called "accountname Users". Granting permission to this group means that everyone in your account gets access. Also, everyone in the account user group is authorised to grant to everyone else in the account user group, which is what allows people in the same account to grant to each other.
Granting permissions to the special user Anonymous lets anyone read the nodes, even people from other accounts or when nobody is signed in. You need to use Anonymous access with care, but it does have additional safeguards. The most significant of these is that you can only grant read access to Anonymous. If you grant a higher privilege, such as update or administer, then other people will only get read access.
We have covered setting up web pages and permissions by hand. Next newsletter I will introduce the MiniSite app which sets up a site and associated permissions for you, including a Permission Manager component which lets you define permission rules and roles across a package structure, and then attach users and groups to the roles.Next: Metrici MiniSite
Minimal IT: research, training, consultancy and software to reduce IT costs.