skip to content

Falcon Content Management Service

Help and support

There are many different 'levels' of users within Falcon, several of which have quite subtle differences between them. Most commonly seen are 'members', 'site admins' and 'managers'. At the time the site is set up, managers are configured in, but more managers can be added by an existing manager who can also add members to the site. The full list of roles is as follows:

  • Contributor - a user with a contributor role can add content and submit it for review. Such user can also view another user's content that is not in the published state, but cannot edit it.
  • Editor - a user with an editor role can edit content by self or others. He can't add new content, but can edit existing content. Such user can manage content properties and submit content for publication.
  • Member - this is the most common role for site users. Users with this role can see anything that is published on site, but cannot add new content or edit it. This role is assigned to normal users who join the site but will not be doing any changes to the content (apart from their profile in the research directory).
  • Personnel Manager – this is a category added by the research directory to manage other people’s profiles.
  • Reader - users with a reader role can read content by others, they can view content items that are in a private state, but cannot make any changes.
  • Reviewer - a user with a content reviewer role has the power to edit/publish content that has been submitted for review, but cannot create new content. There is a special portlet for Reviewer that gathers content that needs to be reviewed.
  • Site Administrator - a site administrator has super user powers within Plone site. Such user has full access to manage content and configuration in a Plone site, but does not have access to the Zope Management Interface and other places, where system administration or Plone integrator/developer skills are required.
  • Manager - a user with a manager role can do everything. Such user has access to the control panel, where many site wide settings can be changed and updated. Manager can also manage things via the Zope Management Interface.

NB: Never give 'logged-in users' edit/add access to the site - this will include anyone who can Raven authenticate. It's best not to use 'logged-in users' for sharing permissions at all.

Adding users and managers

  • A current manager of the site must log in to it and go to 'Set Setup' (in the top right corner of the browser window).
  • Select 'Users and Groups' and select 'add new user'
  • Enter the username, which must be If a user normally uses an @cam email address (also some departmental addresses) then it will show their crsid, if not you can use Lookup to find what their crsid is. You will also need to add their email address and their name. Click 'register'.
  • On the 'User overview' page you have been returned to, either search for the user you have just added or go to 'show all'
  • You will see a line of check boxes against each user name. The user you have just added will have been added as a member for the site, since that is the default. If you wish them to be a manager, then check the relevant box and then 'apply changes' at the bottom of the table.

Removing site administrators and managers

When you remove a site administrator or manager who you have added manually, you have to manually remove their role permissions (and save) before you remove them as a user. If we add and remove them programmatically this doesn’t happen.


  • Managers who have been added as part of the setup procedure will not show as members of the site.
  • If you are using a research directory on your site, creating a person in the research directory makes that person a member of the site - this is what allows them to log in and edit their entry after you have created it my adding their name and You will see a blue circle in the 'member' column if they have been added this way. You can give them further roles if you want without creating another username for them.
  • if you want to give an existing manager a profile in the directory, don't complete the 'Access account id' field otherwise you will restrict that manager's access to the site. Should this happen another manager will have to remove the info in that field, or can do it for you.
  • You can make a member of the directory into a site administrator or manager, in which circumstance the 'Access account id' field must be filled in as that is the means of authentication to the site.