Learning: Policies

Policies are the rules that provide access to one or more functions of a module. A policy consists of the following:

  • Module name
  • Function Name
  • Function limitation

For example if you want to provide access to an editor to view all content in the system, the policy would look like this

Module

Function

Limitation

content

All functions

No limitations

Or if you wanted to editors to add files but only in the media library, the policy would look like this

Module

Function

Limitation

Content

create

Class (file), Section (Media Library)

If you wanted to create a user that can access the membership area of a website, the policy would look like this

Module

Function

Limitation

Content

Read

Section (Members)

Functions

Modules can have different functions, these functions are assigned to the module’s views. A policy that provides access to a module’s function can be restricted by one or more function limitations. eg. the content module has the following functions – read / create / edit / delete / move

This means you can have one group of users that is able to create and edit content but is not able to delete it.

Here are some further examples of function limitations

Class

Limits the function to particular types of objects, eg. file, image, news item

Node

Limits the function to a particular part of the site

Owner

Limits the function to the user that created the object

Section

Limits the function to objects within a certain section (this is a common way to create a members only area, you create a member user and then give them read access to this section.