Defining User Groups

Define a set of user groups that reflect the kinds of access you'll be granting. These groups can be defined in an external user identity system (such as an LDAP system) or in the application database. These groups provide a convenient, built-in way to manage a people's access to application features.

System-Defined User Groups: Everyone and All Registered Users

The application includes two groups that are defined by the system: Everyone and All Registered Users. These are a good place to start when managing permissions that are in effect across the community. After you've figured out how permissions should be applied for these broad groups, you can start assigning permissions based to user groups you create.

Note: Configuring permissions on the Everyone group is reserved for administrators of public communities. Administrators of internal communities, which are typically not licensed to permit public access to content, are not allowed to modify permissions on the Everyone group.

Everyone includes anyone who visits the site, including anonymous users. Think hard about what you want people to be able to do anonymously, but weigh that against the need to engage people to encourage them to participate. (Note that users who merely view content are not counted among the number of users your license provides for.)
All Registered Users includes people who have entered registration information and logged in for access. Use this group when you want to ensure certain kinds of access go only to people who have an account on the system.

Your User Groups

Your user groups will reflect your community's organizational groups. They could be relatively few, with separate groups for those who manage, moderate, and administer the community. They could also be many, with groups representing departments of a company, people with specific privileges (such as blogging), virtual teams within the organization, and so on.

For more on creating and managing groups, see Managing User Groups.