How to set up permissions for different scenarios

This article aims to explain some common permission stategies. For an overview about permissions in Lemoon please see http://help.lemoon.com/permissions

There are a number of built-in virtual roles that can be used when setting permissions:

BUILT-IN\Everyone
All users are members of this group.
BUILT-IN\Authenticated
All users that are authenticated (logged in) are members of this group.
BUILT-IN\Anonymous
All users that are NOT authenticated (logged in) are members of this group.
BUILT-IN\Creators
Users that have created content are members of this group. If person A has created the page "Products", then person A will be a member of the BUILT-IN\Creators role for that content.

Public site

Goal: All content should be publicly available to all visitors.

Site permissions

  • BUILT-IN\Everyone [Read]

Permission for all content

  • BUILT-IN\Everyone [Read]
  • BUILT-IN\Creators [Edit, Delete]
  • BUILT-IN\Authenticated [Create]

Public site with extranet

Goal: Most content should be publicly available, some is only available to authenticated users.

Site permissions

  • BUILT-IN\Everyone [Read]

Permission for all content

  • BUILT-IN\Everyone [Read]
  • BUILT-IN\Creators [Edit, Delete]
  • BUILT-IN\Authenticated [Create]

Alternative 1: Permission for content in extranet area (access for all authenticated users).

  • BUILT-IN\Anonymous DENY [Read]
  • BUILT-IN\Authenticated [Read]

Alternative 2: Permission for content in extranet area (access for specific group).

  • BUILT-IN\Anonymous DENY [Read]
  • Group X [Read]

Intranet

Goal: Content should only be available to authenticated users.

Site permissions

  • BUILT-IN\Authenticated [Read]

Permission for all content

  • BUILT-IN\Authenticated [Read]
  • BUILT-IN\Creators [Edit, Delete]