Users, Groups & Authentication

Users are accounts used to edit a Concrete CMS site. At its core, a user record in Concrete consists solely of an ID, a unique username, and an email address. Like pages and files, users may also be joined to any number of User Attributes, which allow administrators to specify additional details of information to store and track about accounts. A Concrete site must have at least one user account – the admin user. This user (with the user ID of 1) has unlimited permissions to edit and manage Concrete. A user logs in to Concrete using a particular Authentication Type. Authentication types are bundles of presentation and backend controller code that are presented and acted on from the standard login page. Examples of authentication types include the built-in Concrete authentication (which logs users in based on their User records in Concrete), Facebook, Twitter and concretecms.org authentication (which logs users in based on their Facebook, Twitter and concretecms.org accounts, respectively.) Developers can create and enable new authentication types.

In addition to Users, Concrete contains the concept of Groups. Groups are simply a way of combining users for any purpose. Groups are used primarily in Concrete permissions, as a given group of users can be allowed read, edit, delete, and administrative access to pages, areas and even individual blocks. Concrete's advanced permissions allow for Combination Groups as well – assigning permissions only to users who exist within two or more specific groups. Additionally, Group Sets allow Concrete administrators to treat a group of groups in a particular way.

Every user account in Concrete can access a My Account section of the site. This section of the site is a series of single pages wherein a user can change their password, access private messages, and change various user attributes. A user doesn't need administrative or Dashboard access to get to their my account section. Additionally, administrators can enable a public User Profile series of single pages that displays public user attributes about any user to other members of the site.

The user profile functionality contained within Concrete makes it particularly useful for running community websites. Other features that make Concrete suited for running communities include User Points – a completely optional concept where users can accrue points either manually (assigned by administrators) or through programmatic actions on a site, and Badges – which are simply Groups that have special user-visible imagery and optional community points. Badges are listed on user profiles, and automated group entry can make it easy to automatically assign badges based on community activity.