From: "Flip Hoedemaeker" <flip@keydp.com>
What I would like to do is create a specific set of users who will be redirected to specific subfolders according to the login and password they provide, starting from a main portal. I've tried with the acl_user system, but I don't seem to be able to get it right. I'm getting confused with the differences in authorisation, permission, etc. I'm only concerned with people actually accessing (viewing) the specific parts of a site. Can somebody point me into a starting direction here?
Roles are a set of permissions that make up a type of user, like a Manager, Member, Contributor, Guest, Editor, Reviewer or whatever. You set up what each type of user should be able to do in the root document. You can override it lower down, but you don't have to unless you want to make a folder less accessible than it's parent (see below). After this you add users to roles they should have, ie Manager, member, and so on. Making a folder less accessible is done by: 1. Making a new role called "Groupmember" or something. Do not add any users to this role globally! 2. Override the permission settings for the restricted folders so that only "Groupmember" has acces to the folder. 3. Give the users that should have access to the folder a Local role of "Groupmember" in that folder! Done! If you have many folders like this, you do NOT have to have one role per folder. Instead you put all these folders in the folder you restriced in step 2, and you give users the local role "Groupmember" in each of the folders the user should have access too. Summary: 1. Roles define a set of permissions. 2. You give users these permissions on a per folder basis with local roles. 3. You only need to set permissions at a folder if you want to make the access stricter than it is on the parent folder.