Giving you complete control over who can, and cannot, see and interact with your content is a core value for Dream to Learn.
The DTL permissions options
The permissions for any given piece of content determine who can see it. DTL supports the following permissions:
- content with "everyone" permissions is visible to everyone, including to guests who haven't logged in to Dream to Learn. Crucially, public content is visible to search engines like Google and Bing, meaning that people doing internet searches will be able to find your content.
- content with "DTL members and guests" permissions is visible to anyone who is logged-in to DTL. This includes members, and also guest users who have self-signed up but who do not yet have colleagues. The logged-in requirement excludes search engines, so your content will not be indexed, and will not show up in internet searches. Because guest users can see your content, anybody who knows about your content can sign-up and then see it. In practice this may include some "spam" users.
- content with "DTL members" permissions is visible to anyone who is a DTL member, but is not visible to guest users. To become a DTL member, you need to be invited to be a colleague by an existing DTL member. So in practice this means that "spam" users won't be able to see your content. But you will also be excluding some legitimate users who self-signed up for Dream to Learn but who don't yet have colleagues.
- content with "colleagues and colleagues-of-colleagues" permissions is visible to all of your colleagues, and also to colleagues of your colleagues. It is not visible to DTL members in general, to guest users, or to search engines. This is a good permissions setting if you want your content to be private, but still take advantage of some of the networks of your colleagues, since colleagues will be able to share your content with their colleagues. This is also a good minimum setting to take advantage of the DTL kindreds, since your colleagues will be able to invite their colleagues to join your kindred.
- content with "colleagues" permissions is visible only to your colleagues. Your colleagues won't be able to share your content with their colleagues, and of course DTL members in general, guest users, and search engines won't be able to see it. This is a more restrictive setting than "colleagues and colleagues-of-colleagues", and is a good setting for more private content.
- content with "only me" permissions is visible only to you (the usual case), and also to any co-authors, if there are any co-authors for the content (which is not the usual case). This is the most private setting. Nobody else will be able to see your content, not your colleagues, not DTL members in general, not guest users, nor search engines. If you're writing something you aren't ready to share with anyone yet, this is a good initial setting, since you know that nobody will be able to see it.
- lastly, the "custom" permissions setting allows you set more fine-grained permissions. Using this setting you can limit your content to specific users. You could for example, allow just one other user, specifically chosen, to view your content. You also have the option to "mix and match" some permissions. So you could allow your colleagues and colleagues of colleagues, and one other specific user, to see your content.
Controlling spam comments
You can set permissions for who can comment on your document or blog separately from the content itself. By default, even if you set permissions to 'public' we prevent self-sign up users from posting comments. Through experience, we know that some of these users sign up to post spam. Once a user has proven themselves by getting at least one colleague who is an existing DTL user, they can then post comments according to the default permissions.
If you want to eliminate the possiblity of comments, just set the comments permissions to "only me" (accessible from the cog / settings icon at the top of your content).
We go out of our way to verify that permissions work as expected. We have a "bot" (an automated process) that checks all content in the background. This bot verifies that users who should not be able to see your content can't see it, and that users who should be able to see it, can.
For example, if you set permissions to "colleagues", the bot will check to see that one of your colleagues can see the content, while someone who is not one of your colleagues, cannot see it. In the unlikely event that permissions don't work as they should, our technical team is immediately notified, so we can fix the problem.
You can check to see how many times the bot has tester your content by clicking on the 'statistics' icon above your content. At the bottom of the statistics you'll see the number. This is an example for content that's frequently accessed, and that's been around for a long time. The number for new content will be much lower, of course!