Documentation Center

Publication and membership scopes

An individual User's rights and permissions to content in Content Manager is dependent on both the Publication scope and membership scope.

In addition to granting rights and permissions to its Users, a Group has a certain Publication scope: a list of Publications in which its Users have those rights and permissions. Users do not have those rights and permissions in a Publication outside of the Group's Publication scope, unless they are members of another Group that does grant them those rights or permissions, or are individually added to the Publication.

For each Group that a User belongs to, that User also has a membership scope. The User's membership scope is also a list of Publications (possibly all of them). Only Publications that are both in the User's membership scope and in the User's Group's Publication scope are accessible to the user (unless they are members of another Group that does give them access).

In the following example, the User "Pat" is a member of User Group "Editor" in a system with Publications "A", "B", "C" and "D". The Editor Group has Publications A, C and D in its scope. Pat's membership scope for the Editor Group consists of Publications A, B and C. When User Pat logs in, she sees only Publications A and C, because those are the only Publications in both scopes:

If Pat joins a second Group, "Chief Editor" and the Group's scope is B, C and D, Pat's membership scope for this Group is A and D. When Pat logs in, she sees Publications A and C as before, but also Publication D, because D is both in her Chief Editor membership scope and in the Chief Editor's Publication scope. So the User sees Publications A, C and D.

The reason that a User has different membership scopes for each Group she belongs to is because different Groups may grant different rights and permissions. For example, if the Chief Editor Group only grants 'read' permissions to its Users in all of its Publications, while the Editor grants 'read and write' permissions to its Users in all of its Publications, then Pat can only read items in Publication D, but can modify items in Publications A and C. She will see all three in her Content Manager Explorer.

To ensure that a User has access to all Publications that are in its Group's scope, even future ones, leave a User's membership scope for that Group set to the default value All Publications. If you do this, the User will automatically have access to all Publications in its Group's scope, even ones that are created and then added to the Group's scope in the future.

If you do not select All Publications, Publications that are created in the future and added to this User's Group's scope will not automatically be accessible by the User. You will have to add them to the User's membership scope for that Group manually. For example, consider the following scenario: a certain User must never have access to a Publication A, not even if that Publication is in its Group's Publication scope. Therefore, this User's membership scope for all Groups is set by clearing All Publications and explicitly selecting all Publications except A (let's say B, C and D). If a new Publication E is now created and added to the scope of the Group, the User will still not be able to access it, because Publication E is not in the intersection of the User's membership scope and its Group's scope.