In Security Assist, identifying regions of site and setting up corresponding permissions for separate groups

Will have four groups: admins and three user groups.

Two of the user groups will have access to two different subregions in the HTTPS portion of the site. The third user group will have access to both those subregions. Admins will have access to the entire site.

Of course the HTTPS section of the site is off-limits to everyone except admins.

Have read in detail the help pages, but particularly am unclear about how to identify the subregions. Also not sure if have clear the setup on groups.

Thanks, David

see the following tutorial for details on setting up User Level Authentication.

http://www.webassist.com/tutorials/User-level-authentication-with-SecurityAssist

Thanks, Jason. Sorry I missed it before. David

No Worries

Jason, may I re-visit a (key) bit of the detail here?

The site is half http and half https. So, as far as I can see:

I first need to set the https folders off-limits to everyone. Then I selectively make accessible folders in https, according to user level.

As mentioned above - but not necessarily relevant here, since you have pointed me to the user level tutorial - there are four user levels The two most junior levels each have access to a couple different folders each. Then the next level up has access to the combination of all four of the junior level folders. Finally, admins have access to the entire https area.

May I check please - is it correct to first set all https off-limits, then selectively grant access by user level? If so, to check, what may I have left out?

Much thanks, David

Security Assist does not work at the folder level, Security Assist protects the individual pages.

You would need to create access rules for each of the divergent user levels, then apply the access restrictions to the pages that should be accessed by each group.

Thanks, Jason. Here I go. --David

In Access Pages Manager, part of the instructional text up top says: "select a folder to apply the rule to all the included Web pages" Of course this seems to say that folders as a whole can have rules set on them.

On the other side, rule selection is greyed out when a folder is selected.

So, checking. That instructional text is no longer operative, so to be ignored? (Or, are there conditions where it might apply?)

Much thanks, as always, David

How do I leave some pages on the site http, without security of course - so not https?

By putting no rule on them? Or?

Vital, to accommodate the casual visitor.

Again, much thanks, David

I dont understand the question.

HTTP vs HTTPS has nothing to do with Security Assist.

HTTP and HTTPS are different protocols used by the client web browser to access pages on your site. Using HTTP, the client accesses the pages using the standard Hyper Text Transport Protocol normally on port 80.

Using HTTPS, the client accesses the pages using Hyper Text Transport Protocol with Secure Socket Layer, normally at port 443.

The Secure Socket Layer that is used by HTTPS encrypts the information that is sent to the server and returned from the server.

Security Assist can be used to prevent access to pages regardless of the protocol used to access the page.