Securing Sites

CMU’s enhanced websites have done away with the sync feature entirely, making the process of managing your internal and external content much easier and drastically increasing the efficiency of getting pages approved.  Instead of managing a page or site within CMU’s internal environment, security management is now a simple process of locking down your site in the websites to allow access to only logged-in users or even onlCMU faculty and staff.

Removing anonymous access

Having “anonymous access” enabled means that any visitor can view your website regardless of whether he or she is logged in.  By using an easily accessible button in the Ribbon, you can remove anonymous access on your site to ensure that only logged-in users with a Global ID can access your website’s contents.

NOTE: These settings change the permissions for the site and cannot be implemented on a page-by-page basis.  In most cases, you may wish to create a sub-site for your secured pages so you can easily manage all of your secured content in one location.

  1. ​Log in to CentralLink and navigate to your website.
     a. Logging in is necessary to get the Site Actions menu and Ribbon to appear.  This will only appear for editors and approvers in the site.

  2. If the Ribbon is not displayed, click the gear icon and choose Show Ribbon.  If the Ribbon is displayed, proceed to step 3.

  3. The yellow status bar will indicate the current security status of your site. This status bar will only display when the Ribbon is shown. There are three possible statuses:
    a. This site is available to all users.  This means that the site is publicly available to anyone.
    b. This site is only available to authenticated users. This means that the site can be viewed by anyone who is logged in with a CMU Global ID.
    c. This site is only available to non-student authenticated users. This means that only CMU faculty and staff who are logged in can view the contents of this site.

  4. You’ll notice that the yellow status bar also indicates whether your site inherits permissions.  There are two possible statuses:
    a. This site does not inherit permissions. This means that, regardless of changes made to the parent site’s permissions, the permissions on this site will not change.  This site’s permissions are managed individually.
    b. This site inherits permissions. This means that this site does not have its own individual permissions.  Rather, the permissions set for the parent site also apply to this site, and any changes to the parent site will be reflected in this site.
  5. To change the current security settings for your site, you can either click on Make security changes in the yellow status bar, or you can click the Security Settings button under the Page tab in the Ribbon.
  6. Choosing either option will cause the security settings bar to appear. This can be used to set a number of security options:
    a.    Reset permission inheritance. This will reset the site permissions to inherit from the parent site.
    b.   Allow all users. This will make the site publicly available for all users.
    c.    Deny anonymous users. This will restrict the site to only users logged in with a Global ID. 
    d.   Allow students.  If student access has been disabled, this will reinstate student access.
    e.   Deny students. This will deny student access to the site.  Note that “deny anonymous users”
    must be selected first.
  7. Changing any security setting through this menu will take effect immediately.
  8. Importantly, take note of the disclaimer at the bottom of the security settings bar. If your site has been highly customized with special permissions groups, those groups may contain students, and it can’t be guaranteed that some students do not have access to your site. However, this situation is very rare.