Each site visitor is assigned to one or several site user groups. Level of user group access permissions matches with user's access permissions level. When user is assigned to several groups, this user has maximum levels of permissions, available for a user within these groups.
Examples access permissions for user assigned to several groups
For example, system has a registered user, assigned to two groups as follows:
Site editors;
Partners.
Site editors group users have an access permission to edit site pages. However, they cannot access partner section pages.
Partner group users have the permission to view site public pages, as well as access a private partner section.
As a result, the user who is assigned to two of these groups will have the following level of access permissions:
permission to edit all site pages, except for partner section pages;
permission to view partner section pages.
In another case: when system has a registered user, assigned to two groups, for example:
Employees;
Sales and marketing.
Employees group users have the access permission to view site pages, however they are have restricted access to specific site pages (for example, such as Documents - Sales and Marketing). By default, users, who aren't members of this group, won't have access to the account.
Sales and Marketing group users have access permissions to a corresponding section at the Documents page.
As a result, a user who is a member of both of these groups will have the following access permissions:
access permission to enter the account;
permission to access Sales and Marketing documents.
User registration in the system
When registering in the system, the user receives personal authentication data (login and password) and is assigned to several groups.
When the system has the enabled
self-registration
User self-registration can be enabled when installing the instance using the corresponding option or inside the Main module settings.
You must delete the file /bitrix/wizards/bitrix/demo/public_files/en/auth/index.php when using this option. Not doing so forwards a third-party user to authorization form and unsanctioned adding of a new user is possible.
, the system creates a personal account for newly registered user, assigning such user to a default group,
indicated in the settings
of the Main module (Settings > System settings > Modules > Main module). Administrator can re-assign this user in the future.
After user has self-registered in the system and corresponding access permissions are available, the top section of public site will show the
Control Panel
, containing set of commands for managing the site.
Set of buttons, displayed to the user depends on the access permission of the group that this user is assigned to. For example, this panel won't be displayed for users having read only access permissions for site public pages. Full set of buttons is displayed to the site administrator.
