CONTACT
Connect with Us!
Latest Event
Latest Case Study
Latest Case Study
Discover Affino
System Security Rights
security centre
Overview
This guide lists in alphabetical order all of the System Security Rights. You can refer to this guide for a comprehensive list.
System Securities differ from Content Security Rights (Viewing Access) as the former exist permanently in the system, and are simply assigned on the basis of who can do what on an Affino Site. A Content Security Right may prevent you accessing content or structure, but say you wanted to actually interact or participate in some way - you would need some System Security Rights to enable that.
System Security Rights are split by 6 different User Types - from top to bottom:
- Site Controller - We used to call this Webmaster or Web Manager, but ’Site Controller’ seems more suitable now, this Very Senior Admin who is responsible for the day-to-day running of the site, and has in effect the keys to the vault - ’Security’ as well as the ability to effect complete system updates via ’Affino Updater’, other sensitive Securities we advise be solely within the Site Controller domain, are ’Site Editor’ and ’Zone Moderator’. (4 Sensitive Rights)
- Authorized Developer - Someone specially trained and Authorized by Affino to access System Management Functions - ’Developer’ and ’Web API’ Security Rights (2 Rights)
- Senior Admin - Sensitive or Complex tasks which require delicacy and experience - Business Management, Campaign Management, Channel, Classic Design, Commerce, Community Manager, Contract, Design, Sales, Social Marketplace (12 Rights)
- Admin - Various activities suitable for most personnel - typically control-side and display-side content and media upload and editing (53 Rights)
- Advanced User - Special Status End User - who gets access to more advanced forms of content, functions or analysis - Action Client, Action User, Campaign Statistics, Dashboard User (4 Rights)
- User - General End User - who is granted participation rights for key interaction, transaction and communication functions (17 Rights)
Securities : A - C : #1 to 23
Name | Area | Function | User Type |
| Action User | Social > Forums | Forum Task Manager Agent and Manager Status | Advanced User |
| Affino Updater | Settings > System Update | Ability to Use Affino Updater | Site Controller |
| Application Bar User | Display-side Control | Edit | Manage - Content, Media, Commerce and Design from the display-side | Admin |
| Archive | Publish | Manage - Article Archiving | Admin |
| Blog | Social > Blogs | Ability to Post | Edit - Blog Posts | User |
| Business Management | Social > CRM | Ability to Manage - Product Categories, Product Lines, Sales Teams, Business Units | Senior Admin |
| Campaign Management | Promote > Campaign Management | Manage - Advertising Campaigns and Banners | Senior Admin |
| Campaign Statistics | Promote > Campaign Management | View - Campaign Statistics | Advanced User |
| Channel | Structure > Channel | Add | Edit | Manage - Channels | Senior Admin |
| Comment | Social > Comments Approval | Add | Edit | Manage - Comments | Admin |
| Comment User | Social > Comments & Ratings | Ability to Post Comments | User |
| Commerce | Commerce | Ability to Add | Edit | Manage All Ecommerce Elements, inc. Store Profile, Discounts, etc. | Senior Admin |
| Commerce User | Commerce | Ability to View Prices and Add to Basket | User |
| Community Manager | Social | Ability to Manage Community Elements - Accounts, Assign Badges, Contacts, CRM, External User Info, Group Profile, Live Users, Lookups, Most Recent Users, Personnel, Personnel Type, Related Contact | Senior Admin |
| Community Moderator | Social | Manage Community | Moderate User Activities - All Moderator Rights (Comments, Media Library Moderator) | Admin |
| Contact Management | Social > CRM | Add, Change or Remove Contacts and Accounts and their Addresses | Admin |
| Contract | Social > CRM | Ability to Manage - Bill Analysis, Bills, Contract Analysis, Contracts | Senior Admin |
| Control | Control | Access to Core Control Functions, Control Home | ALL Admin |
Securities : D - L : #24 to 45
Name | Area | Function | User Type |
| Dashboard | Analyse > Dashboard | Access to View Control-Side Dashboard | Admin |
| Design | Responsive Design Centre | Add | Manage - Design Objects, Skins, Templates, CSS etc. | Senior Admin |
| Developer | System | System Management | Developer Access to Deep System Functions for Custom Applications | Authorized Developer |
| Digital Asset Management | Media > Digital Asset Management | Main Access to Media Centre, as well as access to Media Editor and advanced Media Library Functions | Admin |
| Document (deprecated) | Publish > Documents | Add | Edit | Manage = Documents | Admin |
| Dynamic Form | Social > Dynamic Forms | Add | Edit | Manage - Dynamic Forms | Admin |
| Dynamic Message | Social > Dynamic Forms | Ability to access and receive form entries via notification | Admin |
| Ecard | Promote > Ecard | Add | Edit - Ecards | Admin |
| Edition Delete | Publish > Edition | Delete Editions | Admin |
| Edition Management | Publish > Edition | Add | Manage Editions and Edition Profiles. Run Edition Import | Admin |
| Editor | Publish + Social | Ability to view Control-side editorial screens, including: Analyse, Article Attribute, Article Export, Article Icon, Article Import, Article Profile, Article Type, Audit, Broken Links, Channel Analysis, Competitor Analysis, Content Analysis, Content Subscription Analysis, Content Subscriptions, Event Profile, Incoming Feeds, Media Subscription Analysis, My Messages Profile, Product Search Profile, Profanity Filter Settings, Regions, Region and City Export, Region and City Import, Related Profile, Related Profile, Restructure, Search Analysis, Search Profile, Search Settings, Search Update, Site Analysis, Site Tree, Spam Prevention Profile, Storage Analysis, To Do Lists, Un-used Content, Update, User Analysis, Webservice Profile | Admin |
| Event | Publish > Events | Add | Edit | Manage - Events and Seminars | Admin |
| Finance | Social > CRM / Commerce / Analyse | Access Tax Period Summary Export, Tax Transactions Report, Sales Invoice Export, Deferred Income Report, Deferred Income Detail Report, Sage Audit Trail Export, Sage Customer List Export | Senior Admin |
| Flatplan | Publish > Flatplans | Ability to Create / Add Flatplans | Admin |
| Flatplan Editor | Publish > Flatplans | Ability to lay out and edit actual Flatplans | Admin |
| Forum | Social > Forums | Add | Edit | Manage - Forums | Admin |
| Forum User | Social > Forums | Ability to Make Forum Posts | User |
| Full Text Editor | Publish | Access to Full WYSIWYG Editing Options | Admin |
| Image | Media > Design Images | Ability to Upload | Edit - Design Images | Admin |
| Inventory | Commerce > Inventory | Ability to Manage | Update - Inventory | Admin |
| Legal | Settings > Terms & Conditions Security > My Preferences Profiles & Permissions | Add | Edit | Manage - Terms & Conditions, My Preferences Profile and Permissions. Run Preferences & Permissions Import and Export | Admin |
Securities : M - P : #46 to 69
Name | Area | Function | User Type |
| Media Library Bulk Uploader | Media > Media Items | Ability to Use the Media Uploader | Admin |
| Media Library Moderator | Media | Abiity to Manipulate | Edit - Media Library Assets including Media Image Profiles, Media Library Profiles, Media Provider Profiles and Media Upload Profiles | Admin |
| Media Workflow | Media > Media Workflow Profiles | Ability to Manage Media Workflows | Admin |
| Messaging | Social > Message Campaigns | Add | Edit | Manage Message Campaigns | Admin |
| Meta Data | Publish > Meta | Add | Edit | Manage | View - Meta Data | Admin |
| Multi-Zone User | Security > User (Multi-Site Licence) | Enables Cross-domain Users - Means single User Account can straddle several Zone | User |
| My Information User | Security > User (Publis Profile) | Ability for Users to View and Access My Information Content and Functions | User |
| My Messages | Social > My Messages | Access to User Affino's On-site My Messages Inbox | User |
| Non-secured | Display-side Access | Opposite of what you might think - grants access to all unsecured display-side content | User |
| Online Directory | Settings > Online Directory | Manage Directory Profiles and Directory Step Profiles | Admin |
| Online Form | Social > Online Form | Add | Edit | Manage - Online Forms | Admin |
| Order Import | Commerce > Order Import | Ability to Import Orders | Admin |
| Order Processing | Commerce > Order Processing | Ability to View | Manage from Order Processing Screen and receive Sales Notifications - Order Lists, Order Processing, Order Processing Line Item, Orders, Pro Forma Orders | Admin |
| Payment | Commerce > Payment Gateways & Methods | Ability to Set Up | Manage Payment Gateways and view Payment Details | Admin |
| Personal Data | Social > CRM | Access to sensitive information such as passport information | Admin |
| Projects | Social > CRM | Ability to Add, Edit and Manage Projects and View Project Analysis | Admin |
| Promotion | Promote | Ability to Manage Promotion Elements | Admin |
| Publish | Publish | Ability to Make Content 'Live' | Admin |
| Publishing Workflow | Publish + Settings | Ability to Manage Publishing Workflows | Admin |
| Publishing Workflow User | Publish + Settings | Ability to Participate in Publishing Workflows | User |
Securities : R - Z : #70 to 89
Name | Area | Function | User Type |
| Related Item Editor (deprecated) | Publish | Ability to Assign Any Related Content - Even Content which is beyond your Security Clearance | Admin |
| Sales | Social > CRM | Ability to Manage - Account Import, Account Merge, Accounts, Conversion Funnel Contacts, Conversion Funnels, CRM Analysis, Leads, Opportunities, Opportunity Analysis | Senior Admin |
| Sales Administration | Social > CRM | Ability to View CRM Analysis, Order Line Item Report. and Sales Report screens | Admin |
| Scripting | Publish > Article | Ability to use the Code field and add scripts | Advanced User |
| Section | Structure > Sections | Add | Edit | Manage - Sections | Admin |
| Security | Security | Very High Level Access Management - System Security and User Profiling | Site Controller |
| Share | Promote | Manage | Add - Social Bookmarkers | Share to Social Media | Admin |
| Site Editor | Settings > Site Settings | Ability to Edit | Change Various High Level Site Settings; including: Email Profile, Email Settings, Google Analytics Profile, Redirect, Redirect Import, System Settings, Zone | Site Controller |
| Site Management | Settings > Site Settings | Ability to Edit | Change Various High Level Site Settings; including: Google Maps Profile, Google Sitemap Profile, Google Tag Manager Profile, Recruitment Profile, SMS Provider, Data and Services Usage and Team Time Profile | Site Controller |
| Standard Content | Publish > Articles | Add | Edit | Manage - Articles | Admin |
| Text Item | Settings > Text Items | Ability to Edit Affino System Text Items / Text Screen Prompts | Admin |
| Topic Manager | Publish > Taxonomy and Topics | Set up and Manage Site Topics and Keywords and in a localized Taxonomy Hierarchy | Admin |
| Web API | Settings > System | Ability to Manage APIs and API Profiles | Authorized Developer |
| Zone Moderator | Structure > Zone (Multi-Site) | Ability to Add and Delete Zone (Multi-Site Licence) | Site Controller |
Assigning System Security Rights
Several System Security Rights are grouped together with Several Content Security Rights - to grant Participation Rights, as well as Viewing Rights on Content and Functionality. These collected Rights are assigned to Security Groups, each one of which in turn manages access rights for a particular Site User Group or Audience Category.
Even though the User Types are split by 6 different 'User Types' you will find even more nuances in actual User / Security Groups.
As an example, you might split your staff by rank and ability - and both functional and area responsibilities for the Affino Site.
Larger Site can have all these different roles (Top - to - bottom)
- Site Controller
- Commercial Manager
- Community Manager
- Marketing / Promotional Manager
- Editor in Chief
- Art / Design Department
- Editorial
- Contributors
Affino has set up a number of Default Security Groups with approximate levels of Security Empowerment.
It is up to the Site Controller and or Community Manager to review and arrange all the different Access Rights for the different User Groups.
On smaller sites, much like with smaller businesses, there is a far higher degree of multi-tasking. And in some instance the whole site is managed by not even a handful of personnel.
Guidance & Troubleshooting
- We recommend that for each and every level of Security Group - the Site Controller has a dummy account to access just those privileges. This is essential for ensuring the correct level of access
- The Site Controller typically has all 78 System Security Rights, while those at the lowest rung would not be expected to have more than around a dozen
- Backup accounts are also useful for Site Controller in case mistakes are made
- As the Site Controller, make sure that new Security Rights are assigned across all necessary Security Groups - including the very top 'Site Controller' one, as it is quite common that Rights are assigned to lower down groups - Users etc. but overlooked for the admin staff
- Be aware also that all Security in Affino is Session-based, which means that every time new Securities are Assigned - the Users of that group need to logout and log back in again to benefit from those new Securities!
Did you find this content useful?
Thank you for your input
Thank you for your feedback
Driving business at some of the world's most forward thinking companies
Our Chosen Charity
Meetings:
Google Meet and Zoom
Venue:
Soho House, Soho Works +
Registered Office:
55 Bathurst Mews
London, UK
W2 2SB
© Affino 2024