Cascade has five levels of system access; these are referred to as roles. In order of increasing access, these are the Contributor role, the Approver role, the Publisher role, the Manager role and the Administrator role.

The college/department/unit and its business processes will be instrumental in assigning roles for their area. The Contributor role will likely be assigned to the person responsible for writing/drafting content. The Approver role will likely be assigned to the person responsible for editing or revising content. The Publisher role will likely be assigned to the person responsible for signing off on content before publication. A pyramid approach is advised for assigning roles, with very few Managers and more Contributors.

At a minimum there will need to be one person designated as a Manager for each site to create workflow, templates, configuration sets and asset factories and for other technical set up. This role requires a certain level of technical ability in order to manage a site; training may be required for people given this role.

Permissions

Site managers determine user permissions for their sites. These permissions determine which users or groups have access to a specific folder or asset. Each user or group can have read or write access to a folder or asset, both or neither. Read access means that you are able to see the folder or asset, while write means that you are able to modify the asset (i.e. create, edit, copy, and delete).

Roles

Roles define user abilities. Roles can be assigned per user or per group. Each role inherits capabilities from the role beneath it. For example, the Publisher may do anything that the Contributor and Approver roles may do, but not everything that the Manager is capable of doing.

Through group association, users can inherit roles. This means a user is automatically given more abilities if they are added to a group with a higher role than their own. Users and Groups will only see the sites/folders for which they have been given access.

A user or group is assigned one of four roles that inherit the capabilities from the role beneath it:

There are two central administrators that have unrestricted access to the server. The Administrator role permits full, uninhibited access to all assets and/or areas of the system. An Administrator has access to the area where webpage assets are managed and the "Administration" area where advanced system entities and publishing can be configured. Administrators are responsible for configuring system preferences, using system tools and more. As stewards of the technical infrastructure, this level of access is restricted to system support personnel in ITS to ensure the lowest risk of unplanned down time that would affect the entire community.