Security within GreenOrbit follows a hierarchical model, enabling you to easily apply complex security controls at multiple levels within your site structure (e.g. Subsites, Folders, and Pages) as well as your business Roles (Everyone, Domain, User Groups, and Users).  


Security settings


This hierarchical model follows the logic that specific security settings take priority over less specific settings.  Listed below are the Types of security that can be set in the system, the Entities (i.e. locations) where security can be set and the user Roles who are privy to this security. 


Security Types

These items are listed in order from least to most specific. An item further down will take precedence over items above.


  • Inherited Security - When no specific security has been set for the user, the inherited security level is applied (inherited from the parent entity or subsite level, i.e. Everyone set to Read-Only);
  • Secured (Allow access) - security specifically grants the user or group access
  • Secured (Deny access) - security specifically denies the user or group access

Scenario: A user is a member of the "HR Group" and this group is specifically granted access to a folder so that user is allowed access to content.  However, if in addition to the group access, this user is specifically denied access then the user will no longer be allowed access the content. This is because denying a user takes a higher priority than inherited or allowed access.



Securable Entities

These items are listed in order from least to most specific. An item further down will take precedence over items above.


  • Subsite - security applied at the subsite level
  • Folder - security applied at the folder level
  • CMS Pages - security applied at the CMS page level
  • Online Forms - security applied at the form level
  • Company Calendar - security applied at the calendar level
  • Meeting Room Booking - security applied at the room level

Scenario: A user is denied access at the folder level so this user is not allowed to view any content within that folder. However, if the user is granted specific access to a page contained within that folder the user will have access to the content since the CMS Page has a higher priority than the subsite or folder.



Roles

These items are listed in order from least to most specific. An item further down will take precedence over items above.


  • Everyone - security applied at the "Everyone" (system setting) level;
  • Domain - security applied at the Domain level;
  • User Group - security applied at the User Group level; and
  • User - security applied at the User level;

Scenario: A user is a member of the "Company Domain" and this domain is specifically denied access to a folder so this user is denied access to this content. However, if in addition to the domain security the user is specifically granted access then the user will have access to the content since security at the User level has a higher priority than the Domains.