Carnegie Mellon University Website Home Page
 

Changing Content (Directory) Permissions

You can set permissions that determine who will be able to access/read you collection or sub-directories within your collection.

Note: This function replaces the previously used .htaccess file method for authentication control. If you used .htaccess you must remove the old .htaccess file from your folder.

Access Control Options

You have three access control options for each directory for which you added directory restriction:

  • Anyone - no access control, imposes no restriction on the directory. This is the default collection access allowing your collection to be read by anyone who navigates to your url. If you set this option, the directory is removed from the access control list. Use this option to remove restrictions that were previously set.
  • Any Andrew User - restricts directory access to any logged-in Andrew user denying access to those who do not have an Andrew account.
  • A list of specific users restricts directory access to only those Andrew or Qatar userIDs specified in the Add user's Andrew UserID to access list field. UserIDs not listed are denied access to the directory.

    Note: This  page only accepts Andrew and Qatar userIDs and not real names and will verify all userIDs for you.

Set Access Controls

Follow these steps to set access/read permissions to your collection:

  1. Login to the Andrew Web Publishing System.
  2. Select Administer this collection for the collection for which you want to change permission information.
  3. Under Permissions, click Content permissions.
  4. In the Directory to restrict field, type the name of the directory you wish to restrict access to and click Add. For example:
    • To restrict access to the directory http://www.cmu.edu/computing/documentation/outlook, type outlook in the Directory to restrict field.
    • If you want to restrict access to the entire collection, type a forward slash character / to indicate the root directory for the collection.
    You can also do the following:
    • To remove restriction for an entire directory: select Anyone - no access control for that directory and click Change Access Control.
    • To remove access permission for a specific user: click Remove next to the userID under the Add user's Andrew UserID to access list option.

      Note: When adding directories, the system WILL NOT verify if a directory really exists. Therefore, you will need to type the name exactly as it appears on the server. Be sure to differentiate between capital and lower-case letters. Directories will appear in the order in which they were added; the order they're displayed on the permissions page is not important.
  5. Notice that now, in addition to access control options for the root of the collection, there are additional access options.

Access Control Tips

  • If you change the access control type for a particular directory, you will need to publish the collection in order for the change to take effect.
  • If you add access controls for a directory that does not exist in staging, future publishes will fail. Either remove the access controls, or create an empty directory in the staging server before publishing.
  • You may add access restrictions to a directory before creating the actual directory. This way, you can ensure that new content has the appropriate restrictions.
  • If you toggle between the Any Andrew user and the Specific Andrew users options, the user list that you specify will be maintained.
  • When using the Any Andrew user option, affiliates from the ECE and CS domains will also be allowed access.

Last Updated: 3/17/14