<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1639164799743833&amp;ev=PageView&amp;noscript=1">
Diagram Views

Using Content Permissions and Workflows in a CMS-driven Website

Kendall Smith QA Team Lead
Published on February 14, 2014

Learn how a CMS provides robust capabilities for handling user permissions and workflow approval processes.

A content management system (CMS) is a powerful tool for creating and managing a website’s content, providing a wide variety of capabilities for content editors. But one aspect of this content management that is sometimes under-utilized is the use of permissions and workflows to determine who can create, edit, or view content and allow supervisors to approve content before it is published. Let’s look at how a CMS handles these controls and the ways they can be utilized to streamline the process of content creation:

Content Permissions

A CMS provides robust capabilities for determining which users are allowed to access or update content. This is done by creating user groups, and then defining what access level groups have to certain content. Permissions can be defined for each individual piece of content, but it is usually best to define the permissions at the folder level (with subfolders inheriting the permissions of the folder levels above them), in order to keep them consistent within different sections of the site.

As an example, suppose you have a “Blogs” section of your website, and within that section, you have a “Marketing” blog and a “Developers” blog. These would be defined in the CMS as a “Blogs” folder that contains “Marketing” and “Developers” subfolders. Users in a “Developers” group would have access to the Developers folder, and users in a “Marketing” group would have access to the Marketing folder, while a “Blog Editors” group could also have access to the entire Blogs folder, granting them access to both subfolders, as well as any other blogs that are set up in other subfolders.

Different levels of access can be defined for the website’s content. These permissions are defined as follows:

  • Read-only – Users can view content, but are unable to make any changes.
  • Edit – Users can edit existing content.
  • Add – Users can create new content.
  • Delete – Users can delete existing content.

Combining these controls as needed allows administrators to set the permissions for different groups, so that some users may be able to edit existing content but not create new content, while other users can create and edit, but not delete content.

You’ll also want to be aware of other types of permissions that may need to be defined, including whether certain groups have access to update menus, taxonomies, collections, and library items (images or files).

Permissions can also be set on the website itself, allowing certain pages to be either public or private, requiring users to log in to access private content. This is done by defining Membership users who can log in to the site but not access the CMS workarea. As with CMS users, groups can be created for Membership users, and access can be granted to these groups on a content-by-content or folder-by-folder basis. This access does not allow Membership users to edit any content; it simply determines whether the content is visible to the user on the front end or not. Depending on which CMS you are using, you may have a limited number of Membership users available, and this functionality may incur an additional cost; contact your CMS vendor for more information about licensing.


In addition to defining who is allowed to create or edit content, a CMS also provides the capability to put an approval process in place, allowing supervisors to review content changes before they are published. This process is called workflow, and it sets tasks on certain content (usually defined at the folder level) that will go into effect when changes are made to that content. A “chain” of approvals can be put in place so that when a user in a lower-level group makes changes and submits them for approval, the next group in the chain will be alerted, and then when they approve the changes, the next group will be alerted, until the final approval is made and the content is published. Members of these groups can be alerted via email that changes have been made that need to be approved, or content needing approval can be listed in a section within the CMS. This process allows all the relevant managers or supervisors to make sure content is correct before it goes live on a public site.

While workflows provide a robust approvals process, it’s best to keep them simple, with as few links in the approvals chain as possible in order to keep content from getting stuck waiting for approvals. Likewise, approvals should be assigned to groups rather than individuals, and the more approvers in a group, the better, to make sure there isn’t a “bottleneck” that keeps content from being published. Since content editors are unable to see how content looks after being published until the approvals have been completed, the approval process should be able to be completed quickly. Approvals should also be used only for the main content on a page, rather than for related content like banners or lists of links, in order to allow content changes to be made without having to wait for approval on multiple elements of a single page.

A CMS provides a great deal of customization options that allow you to control all aspects of how the content on your site is created and published, but getting these processes like permissions and workflows configured can be complicated. Do you have any questions about how to set up permissions or workflows, or tips on how you’ve used them in a way that streamlines your content strategy? Please let us know in the comments below.