User Management

The CMS provides comprehensive user management capabilities to control access, permissions, and user registration processes. This guide covers user roles, registration settings, and security features.

The CMS supports a role-based access control (RBAC) system with predefined roles.

Users can be assigned roles during registration or by administrators through the admin panel (requires admin privileges).

| Role | Description | Permissions |
| --- | --- | --- |
| Admin | System and content management | Content creation, editing, user approval, access to system settings |
| Author | Full content creation and publishing | Create and edit own and other users' content, full publishing rights |
| Contributor | Basic content creation | Create and edit own content, limited publishing |
| Viewer | Read-only access | View content only |

Configure user registration settings to control how users can register and access the CMS.

Enable or disable public user registration through the CMS configuration:

  • Allowed domains: Restrict registration to specific email domains
  • Require invitation: Require invitation codes for registration
  • Default role: Set default role for new users

Configure email verification requirements for new user accounts:

  • Required Verification: Users must verify their email before accessing the system
  • Expiration Time: Set how long verification links remain valid
  • Auto-activation: Automatically activate accounts after email verification
  • Resend Limits: Prevent abuse by limiting verification email resends

Configure automatic user approval to streamline the registration process:

  • Immediate Access: Users can access the system immediately after registration
  • Conditional Approval: Set conditions for automatic approval (email verification, domain restrictions)
  • Admin Review: Require admin review for specific user types (optional)

Configure security features to enhance the security of the CMS.

  • Minimum Length: Set the minimum number of characters required for passwords
  • Uppercase Requirement: Require at least one uppercase letter
  • Lowercase Requirement: Require at least one lowercase letter
  • Number Requirement: Require at least one number
  • Special Character Requirement: Require at least one special character
  • Prevent Common Passwords: Prevent users from using common passwords

Configure session settings to enhance security and user experience:

  • Max Age: Set the maximum age of a session
  • Secure: Require HTTPS for all sessions
  • HTTP Only: Prevent client-side scripts from reading the session cookie, which limits session theft through XSS
  • Same Site: Set the same site policy for cookies

Configure rate limiting to prevent abuse and improve security:

  • Max Attempts: Set the maximum number of login attempts
  • Lockout Duration: Set the duration for which a user is locked out after too many failed attempts
  • Reset Attempts: Reset failed login attempts after a successful login
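
The three rate-limiting settings above interact as a small state machine. The following is an added example, not the CMS's own code: `LoginLimiter` and its field names are hypothetical, and the clock is injectable so the lockout can be exercised without waiting.

```python
import time
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class LoginLimiter:
    """Per-account failed-login tracker (hypothetical names, not the CMS's API)."""
    max_attempts: int = 5                          # "Max Attempts"
    lockout_seconds: float = 900.0                 # "Lockout Duration"
    clock: Callable[[], float] = time.monotonic    # injectable for testing
    failures: dict = field(default_factory=dict)       # account -> failed count
    locked_until: dict = field(default_factory=dict)   # account -> unlock time

    @staticmethod
    def _key(account: str) -> str:
        # Normalise so "Alice" and "alice " share one counter.
        return account.strip().lower()

    def is_locked(self, account: str) -> bool:
        key = self._key(account)
        until = self.locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout expired: clear state so the account starts fresh.
            del self.locked_until[key]
            self.failures.pop(key, None)
            return False
        return True

    def record(self, account: str, success: bool) -> str:
        """Register one login attempt; returns 'ok', 'failed' or 'locked'."""
        if self.is_locked(account):
            # Checked before the credential result, so a correct password
            # is also refused and the lockout window is never extended.
            return "locked"
        key = self._key(account)
        if success:
            self.failures.pop(key, None)           # "Reset Attempts"
            return "ok"
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= self.max_attempts:
            self.locked_until[key] = self.clock() + self.lockout_seconds
            return "locked"
        return "failed"
```

A per-account lockout lets anyone who knows a username lock that account, so it is usually paired with a per-source limit.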

Track user activities and manage user sessions:

  • Login History: Track user login attempts
  • Content Actions: Record content creation and editing
  • System Access: Monitor system access and permissions

  1. Enable Registration: Set Allow User Registration to true
  2. Configure Verification: Set Email Verification Required to true
  3. Set Default Role: Choose appropriate default role (e.g. author for content creators)
  4. Configure Auto-approval: Enable if appropriate for your use case, otherwise set to false.

  • Always require email verification for new accounts
  • Use strong password policies (see Password Policies)
  • Implement rate limiting for registration attempts (see Rate Limiting)
  • Regularly review and update user roles
  • Monitor user activity for suspicious behavior
  • Use HTTPS for all user management operations (see Session Management)

  • Admin: Assign to content managers and team leads
  • Author: For contributors who create content but don’t publish
  • Viewer: For read-only access to content
  • Contributor: For users who create content but don’t publish

User cannot register
  • Check if registration is enabled
  • Verify email domain restrictions
  • Ensure invitation codes are valid (if required)

Email verification not working
  • Check email server configuration
  • Verify verification link expiration settings
  • Review email template configuration

Auto-approval not working
  • Verify auto-approval conditions are met
  • Check user role and permission settings
  • Review admin review requirements