To manage permissions for a page, click on the Permissions button when viewing a page. This will open a new dialog with various options for a protecting a page.

Before you create a protected, you must ensure that there is a log in page on your site. This is so users with credentials for accessing the protected area can authenticate. The log in page must contain a log in web form (see Managing Forms), and the page must not be protected.

Figure 4.4. Managing permissions for a page

The default setting on this page is Inherit permissions. This means whether or not the page is protected depends upon its parent page. If its parent also inherits, then you must then consider the parent's parent (and so on).

To protect the page (and all of its sub-pages), select the Restrict to directory option beside the directory you want to give access to (if you only have one user directory then there will only be one to choose from).

If your user directory has one or more roles, you can choose to restrict access to any number of roles. If you don't choose any roles then any user in that directory will be able to access the protected area.

Click Save Permissions to the settings for that page. Once the page is protected, a yellow box will now appear in the page overview to indicate that it is protected. Additionally, all sub-pages that are also protected will display the same yellow box.

Figure 4.5. Page overview when a page is protected

If a non-authenticated user (or a user authenticated for a different user directory or non-matching user role) tries to access a page in the protected area, they will instead be displayed the login page.

If you have a page inside a protected area that you don't want to be protected, all you need to do is open the permissions management page (click on the Permissions button when viewing the page that you want to be unprotected) and select the Allow Access option.

This can be useful if you want to store the log in page and a "reset your password" page within a members area.