Manage Users

user-access-menu

By default, the Manage Users console will have the warning in red below because SSL certificates are generally an add-on to hosting accounts. But given the increasing trend of using packet sniffers to collect passwords, it is highly recommended that you have an SSL certificate installed in your hosting account, and to set BWB_REQUIRE_SSL in the connect/config.php file to 1. This way your communications to the server will be encrypted.

manage users (with ssl warning)

After installing an SSL certificate and changing the setting in your config file, the manage user console will have a less threatening appearance as shown below:

manage users console

 

The user management console is shown above. If this is the first time anyone is going into this area, you will want to change the default passwords for all of the built-in logins. Use secure passwords containing upper and lower case and numbers for these logins. The implications of a security breech with this system are severe. If you can't think of a password, you can click the Generate Password button to automatically generate a secure password for you. If you don't like the password that is automatically generated, click the Change Password button until it generates a password you like:

When creating a new account, choose from the access levels as shown below:

access levels

Power user is the default level. The access levels are defined as follows:

Blogger: Only allowed to blog to pages. For more information on blogging see blogging.

Admin: Access to all areas including user management and site options.

Power User: Access to all areas except user management, changing site options, setting restrictions for restricted users, upgrading table structures, and pruning functions.

User: Access to basic functions, but not advanced functions including menu and site styling, deleting, copying or renaming pages, managing border areas, managing head content, menu assignment, and any admin function not available to power users.

Restricted: Only the ability to edit any page as specified using the restrict page editing console.