After your first login you will see that everything is rather empty. A good starting point are the general application settings, groups and modules.
The general application settings can be found in the Admin settings.
Modules (on the side navigation) > Admin > Settings
On this page you may change the general application settings such as login behavior, server localization, logging etc.
Modules on the side navigation you can see all installed modules. By clicking on them you will get additional module information and module specific settings.
If you want to install additional settings search for specific keywords on the module page and you will receive suggestions based on these keywords. You can then check out the detailed information of these modules in order to further inspect the features the modules provides.
Groups are an easy solution to managing multiple users at the same time. After the installation only a handful of groups exist. Feel free to create additional groups based on your requirements.
Guest: Users in this group have no permissions (cannot even login by default)
User: Users in this group have basic read and write permissions
Admin: Users in this group have all permissions
If a user is part of multiple groups (this is often the case in more complex permission handling) the user has the permissions of all groups he is part of. This allows to configure groups very carefully with only the necessary permissions.
Groups (and accounts) can have the following permissions:
READ: The user can read/see certain content
CREATE: The user can create/write certain content
MODIFY: The user can modify/change certain content
DELETE: The user can remove certain content
PERM: The user can change permissions
It's also possible to assign permissions directly to individual users but this is not recommended as this makes managing permissions much more difficult.
When you assign the above mentioned permissions to a group you will see that you can also define:
Unitthis permission is for (after the installation you only have one unit but you maybe want to have additional units/sub-organizations later on)
Appthis permission is for (after the installation you only have the
Apibut in the future you may have additional apps, which sometimes even get provided by other modules e.g.
Modulethis permission is for (e.g. the group only has create/write permissions for a certain module)
Categoryis module specific and can be found in the module help. This can be e.g. news-article in the News module, account in the Admin module etc.
Elementis the specific model/element (e.g. a specific news article). This is represented by the element ID/number.
Componentis the specific component of a element/model (e.g. the title of a news article).
These restrictions show that it is possible to do very fine/granular permissions. It is possible to leave some of the above mentioned restrictions empty to allow a broader permission definition. Examples:
- Everything empty = Group/user has the permissions (e.g. read, create, ...) on everything
- Only define module = Group/user has the permissions (e.g. read, create, ...) on everything in this module
- Only unit and module is defined = Group/user had the permissions(e.g. read, create, ...) on everything in this module but only for the specified unit/sub-organization.
By default only admin users can create new accounts. However it is possible to allow users to register by themselves in the admin module settings. Self-registered users are always part of the
user group. Make sure the
user group permissions are designed while keeping that in mind.
If a admin user creates a new account you must decide if the user/account should also be allowed to login/have a profile or if this account is just an internal account.
If the user should be allowed to login/active user you should click on
Create Profile to also create a profile for the user. Upon doing this the user will receive a registration email in the same way as if he registered by himself. The registration email contains a preliminary password which the user should change.