Bitrix Site Manager

Creating and editing a group

In this section

  • Context bar
  • Editing form
  • Parameters
  • Security
  • Access
  • Control buttons
  • This form is intended for setting the parameters of an existing or a new user group. The table below describes the field values necessary for creating or editing a user group.

    Context bar

    Button Description
    Group list Opens a page containing the list of groups.
    Create new group Creates a new user group in this form. The button is displayed when editing the existing group only.
    Copy group Duplicates the user group.
    Delete group Deletes the user group.

    Editing form

    The user group parameters form consists of three tabs. Each is used to define a certain set of parameters.

    "Parameters" tab

    This tab is used to specify the user group parameters.

    Field Description
    Last update Contains the date and time when the group was last modified. The field is displayed when editing an existing user group.
    Users Number of users in the group. The field is displayed when editing an existing user group.
    Active Specifies whether the group is active or not. If the group is inactive all users of this group are disabled.
    Sorting The user group sort weight. Defines the group position in lists.
    *Name Required parameter. Specify an arbitrary yet meaning-bearing group name, for example, Advertisers.
    Description Arbitrary group description.
    Users in the group
    This form specifies the list of registered users who are the members of the current group, and the duration of membership.
    Field Description
    User The ID, login and name of a user added to the group. The user ID is the link to the page containing the user editing form.
    Active period Specifies the period of time for which the user is added to the current group. On the expiry of the active period the user will be deleted from the group.

    If a user is to be added for an unlimited period, only the from date is to be provided.

    * - Required fields.

    "Security" tab

    This tab is used to specify the security policy for the current user group.

    Field Description
    Predefined security settings An approach of security levels allows to prevent the site from XSS/CSS attacks. In this field you can choose one of the predefined levels of security. The required parameter values of security will be specified in the corresponding fields automatically. The following predefined security values are possible:
    • Do not override. When selecting this level, the predefined security parameters will be applied to all user groups:
      • high level will be applied to site administrators;
      • for the other groups, security level parameters must be configured by the site administrator.
      To modify individual parameter values, uncheck the Do not override box near the necessary fields.
    • Low;
    • Mean;
    • High.
    For users who are members of more than one group, the strictest rule (of those defined for these groups) will be applied to every setting of security policy.
    Session maximum lifetime  Maximum session duration (minutes). This parameters is used to avoid incorrect session lifetime settings in the php.ini file.
    SESSION_IP_MASK With this protection on, theft of a cookie file containing the session information becomes useless. This type of protection is the most effective in struggle against XSS/CSS attacks.
    MAX_STORE_NUM Number of computers on which authorised sessions of a single user can be stored. For site administrators, the value of 1 is recommended.
    STORE_IP_MASK Prevents possibility to use a hash file, stolen from the user's computer with a view to attack the site. This parameter is recommended to use together with other rules concerning the authorisation duration and number of authorisations.
    STORE_TIMEOUT Maximum length of the stored authorisation (minutes).
    CHECKWORD_TIMEOUT Defines the maximum storage time of control word for the password recovery and allows to minimise the risks of site attacks via the recovery mechanism by intercepting e-mails.

    "Access" tab

    This tab specifies the user group access permissions for administrative sections of different modules.

    Field Description
    List of modules and access levels Contains the list of the installed modules, for each of which you can set access rights for the user group. 

    When you select the access level by default, the appropriate user group is assigned a standard access level defined in the main module settings. Changing the default access permission in the main module settings causes automatic changing of rights of this group to access the modules for which the default access level has been selected.

    Control buttons

    Button Description
    Save Saves the user group parameters. Opens the page with the list of groups.
    Apply Saves the user group parameters. Editing continues.
    Cancel Cancels current changes and restores parameters to their original values.