Security

Message board

Based on the Access and Message board owner properties of the Message board web part, you can determine who will be allowed to add new messages to the board.

Changing the values

Remember that once the message board is created (after first message or subscription), you cannot make changes to these settings in the New board settings section of web part properties. You can only modify values of the Access property on the Security tab when editing the corresponding message board in CMS Desk -> Tools -> Message boards.

The following table explains who can add messages to the board under particular configurations. The difference between User and Public boards is that Public boards are always related to a document, while User boards are always related to a document and a user.

Public boards are typically used when you want multiple users to post messages to it. User boards are typically used on user profiles, as you can see on the Community starter site sample website, on the Members -> Profile page.

Message board owner	Access	Anonymous user	Authenticated user	Authorized role	Owner	Owner in authorized role
Public board	All users	Yes	Yes	Yes	Yes	Yes
Public board	Authenticated users		Yes	Yes	Yes	Yes
Public board	Authorized roles			Yes		Yes
Public board	Owner				Yes	Yes
User	All users	Yes	Yes	Yes	Yes	Yes
User	Authenticated users		Yes	Yes	Yes	Yes
User	Authorized roles			Yes		Yes
User	Owner				Yes	Yes

When a board is in the User x Owner configuration, the following conditions need to be met in order for the current user to be able to post messages:

•	the page must be accessed with userid or username parameter in querystring

•	the current user must be the same as the one whose userid or username is passed in querystring

•	the current user must not be hidden (configured by the Is hidden option when editing the user)

This can be typically used on user profiles, where messages to such board can be posted only by the owner of the profile, while other users can only read these messages. An example of such board is the MessageBoardAnnouncements board on the /Members/Profile page of the sample Community Site.

Group message board

The Group message board is always related to some group, hence only the Access property can be set. You can see a typical usage of this web part on the Community starter site sample website, on the Groups -> Profile page.

Access	Anonymous user	Authenticated user	Authorized role	Group member	Group member in authorized role	Group admin
All users	Yes	Yes	Yes	Yes	Yes	Yes
Authenticated users		Yes	Yes	Yes	Yes	Yes
Authorized roles			Yes		Yes	Yes
Group members				Yes	Yes	Yes
Group admin						Yes

When the Group members option is set, the following conditions need to be met in order for the current user to be able to post messages:

•	the page must be accessed with groupid parameter in querystring

•	the current user must be member of the group whose groupid is in the querystring

•	the current user must not be hidden (configured by the Is hidden option when editing the user)

This can be typically used on group profiles, where messages to such board can be posted only by members of the group, while other users can only read these messages. An example of such board is the GroupMessageBoard board on the /Group-pages/<group name> page of the sample Community Site.

Permissions

Permissions for access to Message boards administration interface can be set in Site Manager -> Administration -> Permissions. You have to select the Modules -> Message boards permission matrix.

•	Modify - members of the roles are allowed to edit message board settings, delete the boards and manage message board posts

•	Read - selected role members are allowed to read the records and configuration of particular message boards, but are not allowed to modify them

devguide_clip0431

Page url: http://devnet.kentico.com/docs/5_5r2/devguide/index.html?message_boards_security.htm