Permissions
Permissions is an application that lets you control user access and capabilities across the Arc XP applications.
Permissions allows administrators to assign specific application permissions to users across multiple sites, giving granular control over who can access and manage content.
Having specific application permissions is essential if you must:
restrict users from managing content for specific websites.
grant access across all organizational sites for certain user groups, such as Editors.
provide granular administrator actions to select users.
The Permissions setup has three main components: users, roles, and squads.
Users are individuals who need access to Arc XP applications. You manage your users through identity providers, like Okta or Active Directory, and not directly in Arc XP. In your identity provider, you assign your users to groups, which determines what they can access.
Roles are bundles of specific privileges across Arc XP applications. For example, an editor role might have publishing rights in Composer, task management in WebSked, and page management capabilities in PageBuilder. Roles define what actions users can perform within the applications they can access.
Squads tie everything together by connecting groups (the users) with roles (the permissions) and specific websites. For example, a squad called East Coast Editors might combine:
The editor role with its associated privileges
groups containing editors from different cities
access to specific website properties those editors should manage
This three-part system allows you to create flexible permissions structures where users can have different levels of access across different sites and applications based on their organizational roles and responsibilities.
Identity providers
Arc XP integrates with various third-party identity providers to authenticate users and grant them access to specific applications and permissions. However, Arc XP does not handle authentication itself. Instead, it relies on these external systems to manage user identities and permissions using the user lists they provide.
Each identity provider is different, but they are commonly responsible for defining the users (individuals) and groups (lists of users).
Arc XP actively supports the following identity providers.
Okta. See Integrating Arc XP with Okta
Microsoft Entra ID. See Integrating Arc XP with Microsoft Entra ID (Azure AD)
Microsoft ADFS. See Integrating Arc XP with Microsoft ADFS.
Google Workspaces. See Integrating Arc XP with Google Workspaces.
Arc XP can evaluate other SAML-based identity providers upon request.
Prerequisites
To use the Permissions application, you must have administrator privileges within your organization.
Getting Started
The Permissions application supports two permissions types: multi-site permissions and granular permissions.
Multi-site permissions allow organizations to control user access to specific websites within Arc XP. For example, an organization managing multiple news websites can grant editors access to certain sites while restricting access to others. This means a user could have permission to perform actions on one website but not another, even with the same role.
Granular permissions provide detailed control over specific actions users can perform within Arc XP applications. For example, an editor role might have publish rights in Composer, the ability to claim tasks in WebSked, and access to manage pages and templates in PageBuilder.
The following table indicates which Arc XP applications allow each permission type.
PageBuilder | Settings | Composer | Photo Center | Video Center | Subscriptions | Developer Center | |
|---|---|---|---|---|---|---|---|
Multi-site permissions | x | x | x | x | |||
Granular permissions | x | x | x | x | x | x |
To set up each permission level, refer to the following: