Open search
Home Key features Overview Secure user areas

Secure user areas

How can a part of a website be made private to certain users, to create an "extranet"?

Zenario has a range of features built-in for building extranet sites.

Enabling the extranet

In Zenario, an extranet can be created just by starting the Extranet Base Module, plus other related modules as may be required.

A range of user-side features become available, including:

  • user login
  • user registration
  • recover password
  • change password
  • ability for a user to view and edit their profile

Advanced features are also available:

  • user timers, such as for a 1-year membership or subscription
  • roles within an organisation
  • ability for one user (e.g. manager) to create another user.

User management

Zenario's Organizer administration area has a panel for managing users.

It actually allows management of both extranet users (people who can log into the extranet area of a site), and contacts (people whose contact details are stored, and may be emailed using the Newsletter feature).

The Users system is based on Zenario's Datasets system. So it is easy to add further fields to the records, such as extra text fields, flags, look-ups and consent fields.

Groups

There is a grouping system, through which it's possible to define one or several groups. A user may belong to none, one or multiple groups.

When a user logs in, they can be automatically directed to a given page, depending on which group they are in.

Any content item can be made to be public, for extranet users only, or for members of a given group.

Zenario checks every page request for what permissions are needed, and where a private page is requested, it ensures that the user is logged in and meets the requisite access level.

Smart groups

A smart group is a set of rules, which automatically identifies users based on group, status, and a range of settings for that user.

These can be used in complex sites to give or withhold permission to access certain content.

Password policies

The password policy of the site can be determined, essentially by setting how strong any password ought to be. 

In some setups an administrator may create a password for a user, but more commonly the user will choose their own password. Zenario prevents goes beyond asking simply for a minimum number of characters and some special characters (like Passw0rd123$), and instead expects passwords to be non-guessable and non-typical patterns.

Recording consent for privacy, and data protection

As soon as a site starts storing personal data, privacy issues become very important.

There is a special panel of Consents. Whether someone registers as a User, or simply completes a contact form to become a Contact, they are asked to confirm they've read and consented to the site's privacy policy; and when they do their consent is recorded in the Consents panel.

A range of data may be collected from users, such as form data, times of login, what material they access, and this can be made available to administrators.

But equally there is a process of deleting this data, so that it is not stored for longer than is necessary, and so typically Zenario deletes this data after some months or years, as determined in the site's Data Protection settings.

Advanced features: user timers

Zenario has a User Timers module, which extends the usual functionality applied to user accounts.

Whereas users can normally be a made a member of a group (thus conferring some ability to access an area of the site, or some functionality), a user timer gives them a membership of a group just for a specific period of time, such as 1 year.

Timers are structured as timer plans — which define the period of time that a timer runs, and its rules — and individual timers, which users have.

When a user is granted a timer, they are made a member of a group; this may be as a free membership, or may be combined with e-commerce features in which a user must purchase a subscription or membership.

When the timer is approaching its end time, the user and administrator are warned that expiry is coming soon. Depending on the site setup, the user may be able to freely extend their timer (e.g. by another 1 year), but failing that, when the timer expires the user may be removed from the group, or may have their account suspended or deleted.

There is a grace period feature, where a user can be allowed to go some period of time without renewing (for example, they may have a month's grace); that gives them more time to renew their timer. But after that, the expiry actions are carried out, such as to remove them from the group, or suspend or delete the account.

Organisation timers

Combining User Timers module with the Organization-Location Manager module adds more sophistication. It is then possible to grant a timer to an organisation, and then all users associated with that organisation (using a role) are given access to the site.

The same principle applies as for user timers, in that when a timer begins for a given user, they are added to a given group and this gives them access to some secure area of the site. When the timer expires, the access is removed and other actions may be performed.

Organisation timers is a powerful way of inviting partner organisations to have access to a website; for example, the organisation may pay by invoice for its various employees to have secure access to the Zenario site. Operating user access in this way is far more scalable than dealing with individual-level accounts, which are numerous and prone to error.

 
 
 
 
Home | Sitemap | Privacy | Contact us | Manage cookies
Copyright © Tribal Ltd. 1997-2025