Access Control / Private Pages

OVERVIEW:

The template system offers a way to make 'Basic Page' content types private, available only to logged in Princeton University members. If a site visitor attempts to access a page that is set to "private" and they are not already logged in, they will see an Access Denied alert and be prompted to enter their Princeton University NetID (PUID) and password before they are able to view the content of the private page.

Note that the ability to set private pages is turned OFF by default. To begin using private pages the PWDS Access Control app must first be turned ON by a site administrator. Once the app is turned on, the "set as private" feature will be visible on basic pages. 

FAST FACTS:

  • Site Administrator must turn on PWDS Access Control app to enable private functionality.
  • PWDS Access Control app allows only people with Princeton User role to view private content.
  • All CAS users are assigned Princeton User role automatically. 
  • Only Basic Page content type can be set to private. 
  • Menu links to private pages are visible only to logged in CAS Users.
  • Private content, pages & menu links, are visible to anyone logged in via CAS. 

CAVEATS:

  • Anyone with a PUID can log in to a private page so, do not store any Restricted or Confidential content on your website.
  • Keep in mind that public pages that are later set to private are probably already indexed and cached by search engines and web crawlers. 
  • Files that you upload to the website are NOT private.

Protect Our Information

Please consider the types of content that you are storing on your website. Do not store any Restricted or Confidential content on your website. Please refer to the Protect Our Information website for additional information.


Step 1: Enable the Access Control App

  • You must have Site Administrator role to enable the app.
  • Login to edit mode
  • From the Admin toolbar, select Apps

timeline image

  • Click on the PWDS Access Control app, then click Enable App. Do not reload or close the page until you get the Success alert, this can take a minute or two so please be patient. 

Timeline enable button



Step 2: Make a Page Private

After the Access Control app is turned on:

  • Create a new basic page or edit an existing one.
  • Under the Privacy Options of the page, check the private page checkbox.

private page checkbox

Items to Note:

If a link to a private page is added to a menu, the link will not be visible unless the user is logged in.

Once a user attempts to access a private page, the user will see the "access denied" message.

access denied message

The site visitor is prompted to Log in via the CAS authentication service by entering their NetID and password to access the content of the private page.

CAS authentication screenshot


TIPS:
Customize your access denied message

By default, the system will display the standard "access denied" message. If you want, you can use a customized 403 Access page to notify your readers that they are trying to access private content and will be required to log in.

For example, you can customize your 403 access page to read the following:

"The content on this page requires a Princeton University netID and password to access. You will be prompted to enter your University netID and password before accessing the content."

Linking to Private Pages

If you have a private page that you would like to send visitors to you can use the following URL pattern which will take them directly to the page after login or to the page if they are already logged in. For example:

If your private page lives here: https://yoursite.princeton.edu/stuff/this-is-a-private-page/
You can share the following link: https://yoursite.princeton.edu/cas?destination=stuff/this-is-a-private-page

OR

If your private page lives here: https://yoursite.princeton.edu/node/345
You can share the following link: https://yoursite.princeton.edu/cas?destination=node/345

Be sure to test your links before sharing them!