Last Modified: 10.10.2012
The advanced access management approach implemented in Bitrix Site Manager enables users and system administrators to configure user access permissions to any level of sophistication. The system operates on the basis of the two entities: an access level and an operation. The access level being the property of a module or a user group includes one or more permitted operations (e.g. file creation permission, user management permission etc.).
Access level — is a set of operations that a user can perform. The access levels and the underlying operations are assigned by the system administrator. The access levels are inheritable, which means that if no explicit access permission exists for a section or page, the access parameters of a parent section take effect.
A good example of a user oriented operation is Make partial correction to files containing PHP code. An administrator can enable this operation for a certain user or a user group so they can edit the component parameters or edit files containing the inclusions of PHP code.
Currently, the access levels can be specified for the modules: Kernel, Commercial Catalog, Site Explorer, Proactive Protection and SEO. Other modules will be enhanced to support access levels in the nearest future.
To manage the access levels, browse to Settings > Users > Access Levels:
This page shows the existing access levels. Note that there are special system access levels which cannot be modified or deleted. However, you can always create a copy of any system access level and edit the copy as required.
To create a new access level, click Add acess level on the context toolbar. Obviously, the access level property form will show up:
Once you have devised a proper name and description for the new access level, select the module in which the access level will be available. Then, choose the object whose access is to be controlled by this access level. If you select Module, the level will be applicable to the selected module. If you select File/Folder, the level will control access to the files and/or folders with respect to the selected module.
The options on the Operations tab depend on the selected module and the control object. For example, the following figure shows options available for the previously selected settings (on the image above):
Once the access level is saved, it will become visible in the module settings and in the user group’s Access tab: