This background is for site bulders and the site administrator.
- A restricted category is a category which only members of a certain group can see.
- If a product appears only in such a category, the normal visitor to the site won't even know it exists.
- Sub-categories under a restricted category will be similarly hidden.
- Both sub-categories and products can appear under more than one restricted or un-restricted categories. If they appear under unrestricted categories they will be visible to all visitors. This might be done if the product or sub-category is included in the restricted category since visitors may want to order it at the same time as products which need to be restricted.
- For a site to support restricted categories, access restrictions to content must be enabled, at least one access Group defined and the site must have a catalog.
Go to Top
Steps to Create a Restricted Category:
- Enable access restrictions on the site (site configuration), "Groups" and "Members" buttons will appear in the top row of the administrative panel
- Go to the "Groups" section and ensure the Auth. Group Name is present which will "own" the restricted category(s). Add it if not. (see below for details and choices)
- Create one or more members who will have access to that section. Click on the Member's button in the top row.
- Create a new or modify an existing category.
- Click on the Categories button in the second row at the top of any administrative page.
- If its a new category, fill in the information as you would normally.
- Just before the parent Category drop down is a new drop down "Restrict to". Select which Group the category will be restricted to.
- Add/Update as normal.
- The category will only appear to visitors who have signed in and are members of the the correct Group.
Go to Top
Sign In and You are not Authorized Pages
- The site designer needs to create a hidden page which will tell people they need to sign in before they can visit a category.
- Reason: visitors may bookmark the category and come back after their session has timed out and the system will not remember that they used to be recognized.
- Create a content page in a site appropriate section (so the table of contents make sense). Perhaps this could be a section introducing the catalog. Record the pages PID
- Using the Configuration function enter the PID of this page as the "PID for Un-authorized catalog redirect".
- There needs to be a page or pages where the visitor can sign in. These are just content pages which are "restricted".
- Option 1: Use a common page for all the various groups. To do this create a special "Group" to which all "Members" are assigned. Assign no category to this "Group". Create the sign in page and restrict access to the special "Group". Once they have signed in the Category lists will show them all the categories, both restricted and not, to which they have access.
- Option 2: Use different pages for each of the restricted groups. They can then be introduced on this page, to the actual "special" categories to which they are now entitled to view.
Go to Top
Access Groups and Members
- Each page can be marked as being owned by an Access Group. A Member is a special kind of visitor, i.e., a visitor who is assigned to one or more Access Groups.
- Each access Member can be given access to one or more Access Groups. Note:
- Several visitors can be given the same name and password. They will all have access to the same set of pages. The system considers them to be one "member".
- Several visitors can be given unique names and be assigned separate passwords and given access to the same access Group pages.
- Since the user 'Admin' must assign/revoke each access Member grouping sometimes simplifies matter. However, if visitor needs to have access revoked then all visitors who are using the same name and password will have to be given at least a new password when the password is reset. Also, even if the site is configured to send a password to a "Member" shared "Member" names should not have an email address since it will go only to that one email address, not all the visitors who use the same "Member" name.
- Causion: the user names used to access the content/media management have nothing to do with the page Access "Member" names and passwords. They can be the same or different. Also, if a page editor is not given a access member name and password they will not be able to see their work unless they make the page publicly viewable.
Go to Top
- If you wish to have all the pages not visible except to a certain group of viewers all the pages within that section need to be marked as "Restricted To" using the Restricted To: drop down on the Manage Pages web form. Used in this way, there should be no link to any of these pages from a non-restricted page
- An alternative is to have to the top page of the section visible (display order 1 - 1) and explain on that page that all the other pages within that section are restricted. The titles of the top level pages will appear in a Table of Contents so the visitor can determine if they wish to sign in. All other pages within a section a restricted.