Configuring authorization settings

Once you have configured authentication settings, you can set up authorization settings to control how authenticated and non-authenticated visitors can interact with your site.

To configure authorization settings:

Click menu > Admin > Sites & Settings.
In the Sites widget, select the site for which you want to configure these settings, or select Global to configure these settings for all sites.

Note

If configuring authorization at the global level, navigate to the Auth tab. Under Authorization Manager, select Create New, and proceed to step 5.
Click search, located to the left of more_horiz, and type Authorization Settings.
From the Authorization Settings list, select Create New.
Under Name, give these settings a name (for example, Authorization - <your site>).
Under Authorization Handler, click one of the following options:
- Advanced—Allows you to completely customize authorization access. See the section "Configuring Advanced authorization settings" below for more information.
- Full-Site—Denies access to all authorizable types unless a visitor is logged in. While unauthenticated, the user will be redirected to the specified login page. See the section "Configuring Full-Site authorization settings" below for more information.
- Under Section(s)—Denies access to all content under the specified sections unless a visitor is logged in. While unauthenticated, the visitor will be redirected to a specified login page. See the section "Configuring Under Section(s) authorization settings" below for more information.

Configuring Advanced authorization settings

Selecting Advanced in the Authorization Handler field allows configuring an authorization policy that is composed of the "who" (principals), "what" (resources), "action" (scopes), and "when" (conditions) of authorized access.

Under Authorization Handler, select Advanced.
Under Policies, click add_circle_outline, then select one of the following options:
1. Allow All—Allows any principal to access any resource in any scope. No additional configuration is required.
2. Deny All—Prevents any principal from accessing any resource in any scope. No additional configuration is required.
3. Custom—Allows you to customize all elements of access. See the table below.

Custom policy fields

Field	Description
Principals	Configure the principal to which the policy applies. Any—The policy applies to any principal. Any Authenticated—The policy applies to any authenticated principal. Role—The policy applies to any principals who have the specified role (for example, any principal with the role `Editor` is authorized). Roles—The policy applies to any principals who have all of the specified roles (for example, any principal who has both the roles of `Editor` and `Admin` is authorized). User—The policy applies to any principals who match the specified user (for example, any principal who matches the user `Adam Braun` is authorized).
Resources	Configure the resource to which the policy applies. Any—The policy applies to any resource. Content—The policy applies to a resource that matches the specified asset (for example, the principal is authorized to view the specific asset `What is GraphQL?`). Content Type—The policy applies to a resource if it is of the specified content type (for example, the principal is authorized to view assets of the content type `Article`, so the principal can view the articles `What is GraphQL?`, `What is JAMstack, and what does it mean for web development?` and any other article).
Scopes	Configure the scope to which the policy applies. Any—The policy applies to any scope. View—The policy pertains to whether authorized principals can view authorized resources.
Conditions	Configure the date condition for which the policy applies. Any Date—The policy pertains to any date. Date—The policy pertains to authorizable resources after a specified start date (for example, authorized principals can view authorizable resources after `Jan. 1, 2024)`. Date Range—The policy pertains to authorized resources between a specified start date and end date (for example, authorized principals can view authorized resources between the dates `Jan. 1, 2024` and `Feb. 1, 2024`).
Effect	Configure the effect when an access request matches the policy. Allow—Allows access. Deny—Denies access.

Configuring Full-Site authorization settings

Full-site authorization settings deny access to all authorizable types unless a user is authenticated. While unauthenticated, Brightspot directs the user to a specified log in page.

Field Description

Not Logged In Page

Location where Brightspot redirects unauthenticated visitors. Select one of the following options:

External—Redirects the visitor to a page outside of your site.
Internal—Redirects the visitor to a page within your site.
Site Search—Redirects the visitor to a specified site search page with a specified query entry (for example, a query that says How can I log in? that returns assets that may help the visitor authenticate). You may also specify search filters and search sorts to further curate search results.

Configuring Under Section(s) authorization settings

Section authorization settings deny access to all assets under specified sections unless a visitor is authenticated. While unauthenticated, Brightspot directs the visitor to a specified log in page.

Field	Description
Sections	Select a section that is denied to the user if they are not authenticated. To add additional sections, click add_circle_outline Add Item.
Not Logged In Page	Location where Brightspot redirects unauthenticated visitors if they are not authenticated. Select one of the following options: External—Redirects the visitor to a page outside of your site. Internal—Redirects the visitor to a page within your site. Site Search—Redirects the visitor to a specified site search page with a specified query entry (for example, a query that says `How can I log in?` that returns assets that may help the visitor authenticate). You may also specify search filters and search sorts to further curate search results.

Previous Topic

Viewing authentication entities

Next Topic

Brightcove