Hint: The member authorizations are technically TYPO3 Backend user groups. Those user groups are assigned to the corresponding Backend user when she authenticate into the TYPO3 Backend.
The management of the member authorizations takes place in the last tab of a member record:
The “Authorizations” part should be seen as a way to assign “roles” to the corresponding member. Please refer to chapter Roles in Management website for a description of each and every role in this list.
The “Authorization Levels” define one or more entry points in the LionsBase hierarchy where those roles apply.
The following figure shows the typical structure of a LionsBase install:
Roles and access:
- The “Website editor” role grants access to one ore more club websites, which are identified with a world icon ().
- The “Management of …” roles grant access to one or more LionsBase data folders, which are identified with a black icon ().
- The “LionsBase administrator” roles basically grant access to the folder enclosing the selected level.
- Role “Website editor” with authorization level “Gros-de-Vaud, Lions Club” grants access as Webmaster for the website [ Gros-de-Vaud (36230)].
- Role “Management of events” with authorization level “Gros-de-Vaud, Lions Club” partly grants access as Club LionsBase Master for the data folder [ Gros-de-Vaud (36230)].
- Role “Management of activities” with authorization level “102 W” grants access to the data folder [ - District Data 102 W].
Combination of Roles and Authorization Levels¶
Please read this section carefully as the combination of roles and authorization levels is the tricky part to grasp from the management of member authorizations.
Roles and authorization levels are both technically represented by TYPO3 Backend user groups. Backend user groups may define:
- Access lists: Members are allowed to read some tables, edit others, see and modify a set of special attributes (e.g., the name of a club), or use a restricted set of content elements, …
- Page mount points: Members have access to a given part of the page tree.
- File mount points: Members have access to a given part of the file system (Module File > Fileadmin).
The roles in LionsBase only configure access lists whereas the authorization levels configure page and file mount points.
Due to technical restrictions from TYPO3, members being part of multiple groups get their TYPO3 authorizations (access lists, page and file mount points) all applied at the same time. This means that it is not feasible to grant access for instance to management of events solely in a club and management of activities solely at a district level.
The first screenshot shows a member with following roles:
- Website editor;
- Management of club information and members;
- Management of social activities;
- Management of events;
and following authorization levels:
- Gros-de-Vaud, Lions Club;
- 102 W.
The combination of those roles grants her access to:
- [ Gros-de-Vaud (36230)]: as webmaster;
- [ Gros-de-Vaud (36230)]: for events, social activities, club information and member, …
- [ - District Data 102 W]: for events, social activities
Club and member records are not allowed outside of club data folders (with the exception of the root data directory [ LionsBase Data], which is used to hold records for clubs outside of the multi district, foreign sponsor members, …, but is only accessible to Multi-District LionsBase Masters).
Please note: The role “Website editor” may in fact be assigned either as “Level 1” or “Level 2”. Please read chapter Webmaster Levels for further information.
- Access to the club websites for a whole zone or region at once is not possible;
- Role “Website editor” has no effect without an authorization level corresponding to a club;
- Role “LionsBase administrator” automatically grants all other roles to the member and give access as webmaster for the corresponding District or Multi District authorization level.
Additional Backend User Groups¶
In case the LionsBase install is used for another purpose than purely for LionsBase-generated websites (e.g., the multi district website), this panel lets you assign arbitrary Backend user groups from TYPO3. Ideally, those user groups should define both access control lists and file or page mount points. Please refer to the TYPO3 documentation for further details.