Access control refers to granting a user access to content or to website features.  Some users can be granted permission to edit content.  Such access and permissions are determined by the roles that have been assigned to any given user.

Common applications:

  • Membership and subscription-based sites
  • Intranets and client portals
  • Privileged documents for a BOD
  • Department-based companies
  • Organizations with staff who maintains the site and its content


Careytech takes a role-based approach to access control, or RBAC, which is a recognized industry standard. The CMS is configured with user roles, each role bestowing access to select content and permissions.  The client’s webmaster can easily assign any given user to any combination of these roles.  This approach accommodates ongoing changes in personnel and responsibilities.


department-based content management.  We identified over 20 departments and sub-departments for Fillmore County.  We created a role for each department, and each of these roles were granted permission to manage and edit only the content for that department’s section. As a result, department users can create department pages and upload images and documents, and these are assigned only to that user’s department.  So each user who logs in sees a different set of options for managing content.

access control example: department-specific content management


Access Control also works well for subscription-based sites.  For the iCue Project the product page prompts an unsubscribed site visitor to subscribe, and once that user is subscribed, the download options appears instead.

access control example: subscription-based site