Web "security" can be achieved in many ways. Parts of webpages, entire webpages and entire websites can have access restricted or opened per an organization's needs and desires. Higher Logic achieves these goals through a combination of Communities and Security Groups.
What an individual user can do and access within a website is determined through the interaction of Security Groups, Communities and site settings. Security Groups and Communities establish attributes for each user which are then recognized by webpages and Content Items to allow or decline access.
Security Group or Community?
The distinction between Security Groups and Communities is often not obvious to new Admins. It is often unclear if "this grouping" or "that characteristic" should be the basis for a Security Group or a Community. Content and functionality can be protected for Security Groups and Communities. The configuration of Security Groups and Communities should reflect business needs, including security and content access.
Security Groups and Communities are fundamentally different but they work together to establish the rules for content and user interaction. Security Groups come first – at a minimum they define the core personal characteristic of a user. Think of Security Groups as "types of people": Members, the general public, Staff. Security Groups are used to allow access to content and functionality based on "who they are". Think of Communities as "groups of people": the Finance Committee, the Ohio Chapter, the Student Council. Many Community settings are based on Security Groups.
For additional clarity in differentiating between Security Groups and Communities ask these questions about any subset of your served population.
- Does this group have their own Member Type in the AMS? If yes: Security Group
- Does this group represent a "stage of maturity" within the organization? If yes: Security Group
- Does this group have a Chapter or Committee in the AMS? If yes: Community
- Could this group use a private library, discussion group or Microsite? If yes: Community
- Is this group geographically based? If yes: Community
- Does this group include multiple "types of people" (Staff and Members, for example)? If yes: Community
Very few subsets of an organization will be able to answer "yes" to all of the above. One possible exception is the Board of Directors or other highest leadership strata. While the needs of the board may require their own Security Group, generally they can be met through a dedicated Community without a Security Group.
Security Groups and Community Settings
Simply put - Security Groups are the options for Community Settings. Through their settings, Communities can be opened up to those who are not Community members by assigning view and other rights to users belonging to specific Security Groups.
Community information and content can be seen, downloaded and added to by users who are not in the Community. Business needs are commonly met by Community Settings. For example, a common business need is to allow the Resource Library and Discussion for a Community to be seen by all members of the organization - not just those who are Community members. This is achieved on the Manage eGroups page of CCAdmin by selecting IsMember in the area marked Security Groups: Allowed to View Content.