Knowledge Base

User rights & roles

Last Modified:
27 Nov 2018
User Level:


For TERMINALFOUR to function as a coherent system, there are roles and rights assigned to each type of user account. We have five types of user accounts ranging from the 'visitor' to the site, to the Administrator. Below describes each user role / type, and the typical rights assigned to that user.


As with any organization, people serve in different roles to perform their duties. The users of the TERMINALFOUR system are also assigned specific roles that entitle them to perform various duties associated with the use of the system. With the exception of the Administrator, not all roles can have access to all functions.

The primary role for the system is held by the Administrator, followed by the Power user, Moderator, and Contributor, as shown, is the graphic above. In general terms, the roles are defined as:


Administrators have access to everything in the system. Some of the rights only an Administrator has are as follows:

  • Recycle Content
  • Create & Delete Groups
  • Assign Power users to Groups
  • Mail users
  • Manage Languages & Metadata mappings
  • Create, edit, delete the reports; Accessibility, Site analytics, Broken links
  • Create, edit, delete, view the reports; SEO, Content owners, Page layout usage, Navigation usage, Content type usage
  • Manage HTML import, External sources, External Content Syncer, Access control, Push to social, Mobile integration, Email campaigns
  • Create, edit, delete tasks in the Task Scheduler
  • View Audit Report & Error Report
  • Configure the CMS
Power user

A Power User can be viewed as a "Local Administrator" and they are designed to have some Administrator privileges but based around Channels/Microsites & Groups, rather than globally.
Power Users are given their rights by an Administrator in two ways; via Groups and Channels.
When an Administrator is setting up a Power User they should add them to at least one Group. They should also add Contributor and Moderators to the Group(s) so that they are then accessible to the Power User. 
For each Power User, channels can be assigned to them. This then allows Publish & Transfer rights to be configured for them.

  • Create/edit/delete Users
  • Edit Groups (only those groups that they have been added to by an Administrator)
  • Assign Rights to Moderators (only those users they created or are part of a group that they are in too)
  • Assign Rights to Contributors (only those users they created or are part of a group that they are in too)
  • Assign Rights to Groups (only those groups that they have been added to by an Administrator)
  • Manage Assets (Content Types, Lists, Navigation Objects, Page Layouts & Workflows)
  • Manage Channels
  • Manage Packages
  • View reports (Accessibility, Broken links & Site analytics)

In addition to the rights of a Contributor:

  • Approve/Reject Content
  • Assign Rights to Contributors
  • Duplicate section
  • Set output URIs on a section *
  • "Update & Approve" *
  • Bulk Selective approval *
  • Set Media auto publish, access rights & edit rights *
  • Upload a package of media *
  • Publish now & Transfer now *
  • Create/edit/delete content
  • Create/edit/delete sections *
  • View Accessibility reports *
  • Edit their User Profile

*These roles are configurable with customization. You can also impose local practices regarding roles and access.

Please see the matrix of user rights and roles.


In what can be called a 'sub-role' is the Visitor. As they view the organization's published material and complete eForms on the site, they become participants in the site, and their actions complete the loop from creating the site to the audience.

In some cases, they would have controlled access, as an example: the staff would have access to staff areas that the student would not. 

Accounts access is made using a traditional format of username and password pairs. Username and password combinations must be unique within the system. Local security practices for username and password prevail.

Users can be combined into groups to simplify assigning rights and roles within TERMINALFOUR. The system also supports LDAP and NTLM single sign-on functionality where users can use their existing network usernames and passwords.