Managing a page's security
To manage a content page security, go to the Pages section of the back office, in the Security tab of the chosen content page.
General permissions at the domain level have priority over permissions at the page level. For example, if a user has the "Browse all pages" permission, they can access any page, even the private ones. They don't need to be added to the page and granted security permissions for that private page.
Choosing an access policy
Content pages created with the Opendatasoft platform can either be accessible by anyone allowed on the portal or restricted to specifically defined users.
To choose the access policy of a content page:
Go to Security > Access policy
Perform one of the following actions:
Click the Public access button to let any user access the page, as long as they have access to the portal
Click the Private access button to restrict the access to the page to specifically defined users and/or groups of users
If a user has access to a content page created from datasets that they aren't allowed to access, all related visualizations will not load. However, that user will be able to read all other information displayed on the content page, such as text.
Managing page permissions for users and groups
Users and groups must be added in the Users & Groups section beforehand. Otherwise, they can't be found in a page security management. No matter the access policy or the permission, permissions can indeed be given to users individually or through groups of users, but both users and groups must already be listed in the Users & Groups section of the back office (where users are invited to the portal and where groups are created).
There are two permissions available in the security management of a content page:
Browse page allows the user, or group of users, to access the page and its content. This permission is set by default for all users added to the security management section of the page.
Edit page allows the user, or group of users, to access the back office to edit the content of the page.
These permissions have different impacts depending on the chosen access policy.
"Browse page" permission:
For a private page, the "Browse page" permission gives access to that page, hence the importance of adding users to the security management section. Otherwise, nobody (except users with the general domain-level "Browse all pages") can access the page and its content.
For a public page, the "Browse page" permission doesn't change anything to the access security of that page because it is already accessible by anybody who has access to the domain.
"Edit page" permission: this permission is relevant for both private and public pages and gives edition rights on the page to any user/group of users added to the security management section of the page and granted with this "Edit page" permission.
Adding and deleting users or groups of users from a page
Adding users or groups to a page
Go to Security > User permissions or Security > Group permissions, depending on whether a user or a group will be added.
Click the Add user/group permissions button at the bottom of the table.
Select one or more users/groups of users from the list. A search bar is also available to search a user/group by name.
(optional) If all added users/groups are going to be granted the "Edit page" permission as well as the default "Browse page" permission, it is possible to grant that permission now. Otherwise, permissions can be granted afterward. To grant the "Edit page" permission, at the top of the "Add user/group permissions" window, in the "Grant these permissions" section:
Click the Add permission button. Click the Edit page permission button.
Click the Add user/group permissions button at the bottom of the Add user/group permissions window.
Click the Save button in the top right corner.
Deleting users or groups from a page
Go to Security > User permissions or Security > Group permissions, depending on whether a user or a group will be deleted.
In the table, the first column indicates the name of the user or the group of users. The second column indicates the corresponding permission(s). The third column displays the trash icon.
Click the Save button in the top right corner.
Managing page permissions for users and groups of users
Managing page security permissions can mean two things:
Granting a user or a group of users a new page permission
Deleting a page permission for a user or a group of users
Granting page permissions for users or groups
Go to Security > User permissions or Security > Group permissions, depending on whether the new permission must be granted to a user or a group of users.
In the table, the first column indicates the name of the user or the group of users. The second column indicates the corresponding permission(s). In this second column, click the Add permission button to add a new permission to a chosen user or group of users.
Click on the permission to grant.
Click the Save button in the top right corner.
Since there are only two page permissions, including the default Browse page permission, the only permission left to be granted is Edit page.
Deleting page permissions for users or groups
Go to Security > User permissions or Security > Group permissions, depending on whether the new permission must be deleted for a user or a group of users.
In the table, the first column indicates the name of the user or the group of users. The second column indicates the corresponding permission(s). In this second column, click on a chosen permission to delete it.
Click the Save button in the top right corner.
It isn't possible to delete the Browse page permission. The only page permission that can be deleted is Edit page. To prevent a user from accessing a page, the page must be private (see Choosing an access policy above), and the user must be deleted from the page security (see Deleting users or groups from a page above).