How to manage access control via Manage Content and Bulk Ops

Site admins and system admins can manage access control on posts from the Advanced tab of the Manage content page.

• Go to Commands > Manage content
• Click on the Advanced tab

Filtering by access control

There are two different filters by access control:

"Show post restricted to"

This filter provides a way to search for posts based on the access control rules they have applied; the options match the options you can set on post type defaults, or on specific posts. These are the choices provided by this filter:

• No filter, show all posts: This is the default, which removes any access-related filters
• Everyone (public + logged in): Shows posts which everyone can see; any post which is restricted to one or a few roles will not be shown
• Not logged in (public only): Shows posts which only anonymous users can see, e.g. a Login link
• Logged in (regardless of role): Shows posts which any and all logged in users can see, e.g. a Logout link
• Members / Contributors / Editors / etc: Shows posts where the selected role is allowed access, but "everyone" and "all logged in users" are not; any custom roles will also show as options here
• Admins: Shows posts which only Site Admins and System Admins can see

Note that this filter does not show all posts each role can see, but rather which content is limited to the specified role(s). Think of it as looking for content you have set access control restrictions on.  For example, admins can see all content, but filtering for admins here shows content which only admins can see.

You can select more than one role to filter by. Multiple filters act as an "AND" – just like if you were entering multiple words in a search engine. For example, if you select Members and Contributors, you'll be able to find content restricted to both Members and Contributors. However this is mostly useful for the individual logged in roles. 

A few things that might seem odd, but that make sense when you consider: if Everyone and anything else are selected, only the search for Everyone will be performed. If Not logged in and Logged in are both selected, nothing will be shown because content can't be restricted to both logged in and logged out users (or else it would be available to everyone). If Admins and anything else are selected, then Admins will be ignored and only the other filters applied, because Admins are implicitly given access to all content.

"Only show posts with overridden access permissions" check box

This filter limits search results to those with access permissions which are overridden from post type defaults.

Viewing access rules

The list of posts in the Advanced tab includes the access permissions of each post. The permissions show under the title and subtitle of each post, with tags that match the access restriction set on the post. If the permission is the same as the default settings for the post type, the tag background is a light greenish gray. If the access rules set on a particular post have been set to override the post type defaults, the tag will show in a darker greenish gray. The filter text for "Only show posts with overridden access permissions" provides a key to the color to look for to identify these posts with overridden access rules.

Resetting access rules to post type defaults

Each post type has access control defaults, which can be overridden on individual posts. The article How to configure access control for post types explains this is more detail. The filter described above, "Only show posts with overridden access permissions," can be used to find posts which do not use the post type defaults. For any content which should conform to the defaults, it can be changed with the bulk ops action "Modify access: reset to post type defaults."

After selecting some posts, choosing this action, and clicking Execute, there will be a confirmation page that look like this:

There is no undo, so it's very important to be sure any access control changes you perform using this feature are desired.