Permissions & Access


Let us know by posting here.

Permissions in Concrete CMS are crucial for managing access control and functionalities across the site. This section in the System and Settings provides a comprehensive setup to control user access and define their capabilities.

Site Access

Site access permissions control who can view and interact with your site.


  • Public vs. Private Access: Determine if your site is accessible to everyone or only to certain user groups.
  • Registration Options: Manage how new users can register and access your site.

Task Permissions

Task Permissions define the capabilities of different user roles and groups in terms of specific administrative tasks.

Permissions Explained

  • Clear Cache: Determines who can clear the site cache.
  • Manage Files: Controls who can upload and manage files in the file manager.
  • Manage Pages and Content: Sets permissions for who can add, edit, or delete pages and content.

User Permissions

User Permissions are about defining what individual users or user groups can do on the site.

Key Permissions

  • Access Dashboard: Determines who can access the Concrete CMS dashboard.
  • Edit User Accounts: Controls who can edit user accounts, including changing passwords or deactivating accounts.

Advanced Permissions

Advanced Permissions offer granular control over various aspects of the site, tailored for complex setups.


  • Page-Level Permissions: Set specific permissions for each page, controlling who can view, edit, or add sub-pages.
  • File-Level Permissions: Control who can access or edit specific files or file sets.


Workflows in Concrete CMS handle multi-step processes that require approvals or reviews.

Workflow Setup

  • Approval Workflows: Set up workflows for content approval, ensuring that all changes are reviewed before going live.
  • Automated Notifications: Configure notifications for each step of the workflow, keeping relevant users informed.

IP Deny List

The IP Deny List feature allows administrators to block access to the site from specific IP addresses.

Use Cases

  • Security: Block IPs that are sources of spam or malicious activities.

Captcha Setup

Captcha Setup involves integrating captcha challenges to enhance site security and prevent automated spam.

Features and Configuration

  • Captcha Types: Choose from various captcha methods, including simple math questions, image-based captchas, or Google reCAPTCHA.
  • Application: Determine where captchas are required, such as on login pages, registration forms, or comment sections.

Spam Control

Spam Control settings are designed to prevent and manage spam on your website.

Key Aspects

  • Automated Detection: Implement automated systems to detect and flag potential spam content.
  • User Management: Configure settings to moderate or restrict user actions that are commonly associated with spam, such as frequent posting or content with specific keywords.

Maintenance Mode

Maintenance Mode allows you to temporarily disable public access to your site for updates or maintenance.


  • Site Accessibility: When enabled, only administrators can access the site, while a maintenance message is displayed to other visitors.
  • Custom Messages: Set up a custom message or page that visitors see when Maintenance Mode is active, informing them of ongoing maintenance or updates.

Trusted Proxies

Trusted Proxies settings manage the recognition and handling of requests from proxy servers.

Configuration and Use

  • Proxy Identification: Specify which proxy servers are trusted for forwarding requests to your site.
  • Security Implications: Properly configuring trusted proxies is important for security and accurate logging, especially when your site is behind a load balancer or a reverse proxy.