ABAC: Sending Newsletters with Access Control Groups (ACG) Configured
Updated 5 months ago
As part of Audience Based Access Control (ABAC), Access Control Groups (ACGs) determine who can manage, create, and view newsletters—and what content or sites can be included in them. This article walks through how ACGs interact with Newsletters, including how a user's access impacts the content they can see, manage, or share.
For more information on how ACGs are configured and operate, check out this article.
For full instructions on creating and sending newsletters, check out this article.
How newsletters use Access Control Groups (ACGs)
When users are granted access to manage newsletters via an ACG:
- They can create and edit newsletters only for the audiences defined in that group
- They can only add content from sites they have access to
- Their permissions are determined by the audience and site access in their ACG
Example setup
In this example:
- Amber Rich is in an ACG that gives her Newsletter manager access for the Manager Resources site audience.
- There's also a system default ACG that gives full newsletter access to a few users across the organization.
Creating a newsletter as a newsletter manager
Here’s how the experience looks for someone like Amber Rich, who has scoped Newsletter access based on the ACG:
1. Creating a newsletter
- Amber logs in and navigates to Manage features > Newsletters.
- She can see existing newsletters she has access to manage.
- She clicks Create and gives it a title (e.g., Amber’s Site Newsletter).
2. Selecting the audience
- The audience dropdown will only show audiences within Amber's ACG scope.
- In this case, that’s the Manager Resources site audience.
- She can refine this further by creating sub-audiences (e.g., by location or role within the site).
3. Adding content from sites
- When browsing for content to add, Amber will only see sites she has access to
- She sees:
- All Employees site (everyone in the org is in the audience, as well as members).
- Career Development site (she is in the target audience, though not a member).
- Note that just because a user has newsletter creation access does not bypass their access to sites and content they don't already have access to.
4. Content visibility
- If recipients of the newsletter don’t have access to certain sites or content included, that content will be automatically redacted, even if the newsletter manager added it.
- The system respects user-level access rights to ensure privacy and data security. This means even if a manager includes content from a site, users who lack access to that site won’t see that content in their newsletter.
App manager experience
As always, when an app manager logs in:
- They have full org-wide access and can:
- See all newsletters across the intranet
- View newsletters created by other users, including Amber Rich
- Manage newsletters, unrestricted by audiences or site ACGs
Summary
| Role | Access scope | Can they create Newsletters? | Can they add content to the newsletter? | Can they see all newsletters? |
|---|---|---|---|---|
| Newsletter manager (scoped by ACG) | Defined by ACG audience and site access | ✅ Yes | ✅ Only from accessible sites | ❌ No |
| App manager | Full organization | ✅ Yes | ✅ All content | ✅ Yes |
Key takeaways:
- ACGs control who can create and manage newsletters
- Newsletter audience and content visibility are limited to the user’s ACG scope
- Redaction ensures users don’t see content they’re not authorized to access
- App managers have complete visibility and override access
Let me know if you’d like this article to include example screenshots or a companion guide for assigning ACG permissions to Newsletter managers!
Subscribe to receive updates on this article