User Roles in Movable Type
In previous versions of Movable Type, System Administrators granted individual permissions to each user either system-wide (e.g. can create blogs or the System Administrator permission) or on a per-blog basis (e.g. can create entries, can edit all entries, can manage notification list). While the permissions structure was granular, such a workflow quickly became onerous when more than a few users were involved.To ease the burden of administration, Movable Type 4.0 introduces a new role-based permission system.
Roles are aggregate containers of permissions that are granted to users, bestowing a number of capabilities all at once. System-level permissions are still individually granted through the user or group profile but all blog-level permissions use the new roles system.
Examples of how roles can be used on a blog
Roles allow administrators to map real-world labels onto sets of permissions like, “Designer” or “Writer” allowing for almost natural language assignment: — User is Role on Blog*.
Here are some examples:
- Brad is an author on the Engineering Blog
- Byrne is an editor on the Science Fiction Blog
- Shelley is a blog administrator on Shelley’s Blog
While a single user can have any number of roles on a particular blog, it is best practice to create broad roles which encompass all of the desired permissions so each user has only a single role (or maybe two) on each blog. This will greatly reduce your management burden in the future.
Default Roles in Movable Type
The system ships with a number of default roles which cover a number of popular personas and capabilities. These default roles are not special in any way. They are completely customizable in both name, description and permissions and can be deleted if the administrator finds them unsuitable. New roles can also be created in place of or in addition to the default roles.
- Author. Can create entries and pages, can edit their own entries and pages, upload files and publish. Can comment.
- Editor. Can upload files, can edit all entries, pages, tags and categories on a blog, and publish. Can comment.
- Contributor. Can create and edit their own entries, and save them as “unpublished.” Can comment.
- Designer. Can edit, manage and publish blog templates.
- Moderator. Can manage comments and TrackBacks. Can comment.
- Blog administrator. Can administer the blog.
Each of these roles can be modified or even deleted. Other roles can be created to better match how you and your users work on your blog(s).
Custom Roles when Upgrading
When you upgrade to Movable Type 4 from a previous version of Movable Type, the system maps each users’ sets of permissions to each default role and if a match is found, the default role is granted in place of the individual permissions. When the permission sets don’t match up, a Custom role is created for them, system-wide and each user with that set of permissions on any blog will be granted that Custom role.
After upgrade, these Custom roles can be edited, properly named to describe the persona or combined manually with the default roles. For best results, we recommend that all Custom roles are at least renamed making it easier to differentiate between each.
Learn More
Learn more about:
Bryant on February 29, 2008, 2:01 p.m. Reply
When a new user is created, how does the system decide what role to assign them?
Jay Allen on April 17, 2008, 7:24 p.m. Reply
@Bryant, generally the system doesn’t; the system administrator creating the user does. See Granting Permissions to a User for details.
If, however, you’re talking about users created via the user registration feature of Movable Type Community solution, those users are created with a “Commenter” role, allowing them to comment on the blog but nothing else. Administrators can subsequently provide them with additional permissions if desired making it simple to promote members of your blog’s community to comment moderators, authors or even fellow administrators.