If a content editor creates a new web content article without setting any custom permissions on the article, the VIEW permissions eventually set on that article are dependent of the current state of the site:
- If the site only has public pages, the VIEW permission is assigned to Guest (and Owner).
- If the site also has private pages, the VIEW permission is assigned to Site Member (and Owner) instead.
This logic is implemented in InputPermissionsParamTag#getDefaultViewRole and seems to make sense. If the site only has a public part, articles should be visible by everyone, also by users who are not a member of the site. This changes if the site also has a private part. In that case, only certain articles should be public.
This however becomes very confusing if a site used to be public-only and has evolved to a site with both public and private content. Because the VIEW permission configuration of an article is hidden in a tab, content editors will hardly ever look at, let alone change, these settings while creating content.
It would be much better if content editors were made aware of the fact that they are publishing web content in either public or private scope. This can be achieved by explicitely letting the user select in which scope the article needs to be published. In that case, there will no longer be a "sensible default" for this scope that could possible change in the future. If the content editor doesn't select a scope, a validation error would be thrown.
Thanks for your feedback.