Creating a Simple Intranet

by Sam Knox last modified Feb 04, 2009 02:35 AM
Let's say you want to have a private section (folder) within your site for a group of user to go in and edit and add content freely, but restrict this group from editing content elsewhere on your site.

Suppose your organization is made up of staff, volunteers, and board members. Your staff are obviously responsible for creating and maintaining content on the website. Therefore, they need to have the highest level of access to be able to do that job. However, board members and volunteers may want to manage their own private content, or have access to sensitive information that you do not want publicly available.

The best solution is to create a space on your website specifically for these groups to "own" and manage for their own needs. Usually that takes the form of a private folder or page.

Background

Before we begin this tutorial, you should familiarize yourself with the concept of users and roles in Plone. This is useful information you should know about before reading this tutorial.

The steps involved

  1. Create users and set their global role
  2. Create a group and add users to that group
  3. Create the Intranet folder and grant edit, add, and view permissions to the group


Create Users

If you haven't already done so, you need to create the users on your website who will use the private Board folder. To see what users have been created for your site, go to Site Setup -> Users and Groups Administration. From here you can Add New User or Show All to see a list of everyone. show-all-users.gif

Each user has a User Name, Email Address and Role column. This is where you set the Global Role for a user. Global Role controls how that user can behave across the entire site. For your Intranet members, you should leave them in the member Role. For your site managers, you can give them the manager Role. When you're done adding new members and setting their roles, you're ready to move onto the next step.

Create a Group and Add Users

Now that you have created your list of Intranet members, it's time to create a group for them. The purpose of creating groups is that groups can be given both Global and Local roles, which means you do not have to change roles for each individual. The idea is to create one group which gets assigned a role for a folder. Any users in that group inherit the local role.

From Site Setup -> Users and Groups Administration click on the green groups tab in the task bar. You should see the title Groups Overview and any existing groups listed there (many sites have Administrators and Reviewers as default groups). Click the Add New Group icon and fill out the fields.

You should now see your Intranet group in a listing that looks like this:

permission-groups.gif

 

Assign your new group's global role as Member, to prevent all Intranet members from having full access to all parts of your site.

In order to help your Intranet users manage their content, you should create a Recent Items Portlet for them. You can do this via the Group Portlets tab accessible by clicking on the name of the group.

At this point the group has been created as well as your list of users. Now you must add users to your group. To do that, click on the group name. From there you can search for individual members, or click the Show All button to see everyone. Select users one at a time, or use the checkbox at the top to select all users. Then click the add selected groups and users to this group button to finish.

 

Create a Folder and Set the Sharing Permissions

If you haven't already done so, at this point you should create a folder for your Intranet. Be sure the Publishing State for the folder and its contents are Private. If you do not, anonymous site visitors can potentially find and access your restricted documents.

Once that is done, you are ready to assign Permissions on that folder for your Intranet group. To do that navigate to your Intranet folder and click on the green Sharing tab. Use the search within the Sharing screen to find the Intranet group. The group name will appear in the sharing listing. You can now assign the permissions for this folder.

intranet-folder-permissions.gif

As you can see there are four options for permissions: Can add, Can edit, Can view, and Can review. The typical permissions for an Intranet folder are: Can add, Can edit, and Can view. You can of course implement a submit-and-review process or create two or more groups with varying levels of local permissions within the Intranet folder (for example, one group who can add only, and one that can edit only).

Note: the "Logged-in users" group is a 'virtual group' which you can use to restrict local permissions for any logged in user, regardless of their global role.