Roles

Home

Roles

Describes the roles defined for Lotus Connections users on WebSphere Application Server. The four roles that are consistent across the features (person, everyone, reader, and admin) should be consistently set across all of the IBM Lotus Connections services.

Activities roles

J2EE Role Description
everyone Can access public pages without signing in to the feature. There are not many pages that allow everyone to access them. The login page is an example.
person Can read and write to Activities.
reader Used exclusively by the Ajax proxy.
search-admin Used by search to read public and private data in order to create search indexes. This role must be specified on each feature that search indexes.
widget-admin Used by widget containers to send events alerting widget applications of container changes. The widget-admin role is mapped to the user specified in the remoteHandlerAuthenticationAlias attribute defined in the widgets-config.xml file for the Activities widget. The installer sets the attribute to the connectionsAdmin alias, and maps the widget-admin role to the user specified in that alias.

Blogs roles

J2EE Role Description
admin Used by the Blogs administrator to manage the Blogs configuration and content.
everyone Can access public pages without signing in to the feature. The login page is an example.
person Can read and write to Blogs.
reader Users in this role have read access to Blogs. If this role is mapped to all authenticated, then it forces all users to log in before they can use Blogs.
search-admin Used by search to read public and private data in order to create search indexes. This role must be specified on each feature that search indexes.
widget-admin Used by widget containers to send events alerting widget applications of container changes. The widget-admin role is mapped to the user specified in the remoteHandlerAuthenticationAlias attribute defined in the widgets-config.xml file for the Blogs widget. The installer sets the attribute to the connectionsAdmin alias, and maps the widget-admin role to the user specified in that alias.

Bookmarks roles

J2EE Role Description
everyone Can access public pages without signing in to the feature. Some examples are the Public Bookmarks and Popular Bookmarks views, as well as the login page.
person Can read and write to Blogs.
reader Users in this role have read access to Blogs. If this role is mapped to all authenticated, then it forces all users to log in before they can use Blogs.
search-admin Used by search to read public and private data in order to create search indexes. This role must be specified on each feature that search indexes.

Communities roles

J2EE Role Description
admin Not used.
dsx-admin Used by the Communities service extension to read both public and private data.
everyone Not used.
person Users in this role can create communities, join a public community, or request to join a moderated community. Communities Atom API creates and updates can only be performed by a user in this role.
reader Users in this role have read access to Communities. If this role is mapped to "all authenticated", then it forces all users to log in before they can use Communities. This role is also used to restrict access to the Ajax proxy; it is recommended that you set reader to "all authenticated" in a production environment.
search-admin Used by search to read public and private data in order to create search indexes. This role must be specified on each feature that search indexes.

Files roles

J2EE Role Description
admin Administrative role. No default mappings are defined for this role.
everyone Users with this role can access public pages without signing in to the feature. The login page is an example. This role should not be modified.
everyone-authenticated Used to protect login pages and similar items. This role is mapped to "all authenticated" by default and should not be modified.
files-owner Users with this role have all of the privileges of someone in the person role, but can also upload files. Mapped to "all authenticated" by default. You can apply this role to a subset of people in the person group to limit who can upload files.
person Users with this role have read and write access to the application. Mapped to "all authenticated" by default. When this role is mapped to "all authenticated," the reader role should be mapped to "everyone."
reader Users with this role have read-only access to the feature. Mapped to "everyone" by default. When this role is mapped to "everyone," the person role should be mapped to "all authenticated." If this role is mapped to something other than "everyone,' the person and reader roles must have the same mappings.
search-admin Used by search to read public and private data in order to create search indexes. This role must be specified on each feature that search indexes.
widget-admin Used by widget containers to send events alerting widget applications of container changes. The widget-admin role is mapped to the user specified in the remoteHandlerAuthenticationAlias attribute defined in the widgets-config.xml file for the Files widget. The installer sets the attribute to the connectionsAdmin alias, and maps the widget-admin role to the user specified in that alias.

Home page roles

J2EE Role Description
admin This role is not mapped to any users by default. This role is used to protect the Home page administrative user interface, which allows administrators to register new widgets, and to enable and disable widgets. Users in this role can see a Server metrics link in the Home page footer. Specific administrator user IDs should be mapped to this role, but you should not map this role to the "everyone" or "all authenticated" users.
everyone Applies to the Home page login page and the service configuration APIs only. This role allows users to access these resources without any authentication. By default, the role is mapped to "everyone" and should not be modified.
person Used to secure the Home page web user interface. Users must authenticate to access the Home page. Note that the Home page is not designed to work in an unauthenticated fashion, and therefore this role should not be mapped to "everyone". By default, this role is mapped to "all authenticated", which means that all authenticated users can access the Home page. If you need to restrict access to a smaller set of people, modify the mapping of this role as needed.
reader Defined in the Home page, but not used. This role is mapped to "everyone" by default. Modifying this role has no effect on the Home page.

News roles

J2EE Role Description
admin Defined in the news repository, but not used. Changing its mapping has no effect on the news repository. This role is not mapped to any users by default.
everyone This role should not be modified. It is used to define pages which should always be available, such as the login page.
person Used to secure the Atom APIs for top or saved stories. Users must authenticate to access those APIs. By default, this role is mapped to "all authenticated", which means that all authenticated users can access the top and saved stories APIs. To restrict access to a smaller set of people, modify the mapping of this role.
reader Applies to public Atom APIs. This role allows users to access these resources without authenticating. By default, the role is mapped to everyone. Modifying this role limits access to the public APIs. For instance, mapping this role to AllAuthenticated requires users to log in when accessing public Atom APIs.

Profiles roles

J2EE Role Description
admin Administrative role. No default mappings are defined for this role.
dsx-admin Used by the Profiles service extension to read both public and private data. This role secures the service communication when e-mail addresses are hidden.
everyone Users with this role can access public pages without signing in to the feature. There are not many pages that allow everyone to access them. The login page is an example.
person Users with this role have read and write access to the application. Mapped to "all authenticated" by default.
reader Users with this role have read-only access to the feature. Mapped to "everyone" by default.
search-admin Used by search to read public and private data in order to create search indexes. This role must be specified on each feature that search indexes.

Search roles

J2EE Role Description
admin Defined in the News repository, but not used. Changing its mapping has no effect on the News repository. This role is not mapped to any users by default.
everyone Applies to the News repository login page and the public ATOM News APIs. This role allows users to programmatically access resources without having to authenticate. By default, the role is mapped to "everyone" and should not be modified.
person Used to secure a set of ATOM APIs for top or saved stories. Users must authenticate to access those APIs. By default, this role is mapped to "all authenticated," which means that all authenticated users can access the top and saved stories APIs. If you need to restrict access to a smaller set of people, modify the mapping of this role.
reader Defined in the News repository, but not used. Changing its mapping has no effect on the News repository. This role is not mapped to any users by default.

Wikis roles

J2EE Role Description
admin Administrative role. No default mappings are defined for this role.
everyone Users with this role can access public pages without signing in to the feature. The login page is an example. This role should not be modified.
everyone-authenticated Used to protect login pages and similar items. This role is mapped to "all authenticated" by default and should not be modified.
files-owner Users with this role have all of the privileges of someone in the person role, but can also upload files. Mapped to "all authenticated" by default. You can apply this role to a subset of people in the person group to limit who can upload files.
person Users with this role have read and write access to the application. Mapped to "all authenticated" by default. The reader role should be mapped to "everyone" when this role is mapped to "all authenticated."
reader Users with this role have read-only access to the feature. Mapped to "everyone" by default. The person role should be mapped to "all authenticated" when this role is mapped to "everyone." If this role is mapped to something other than "everyone,' the person and reader roles must have the same mappings.
search-admin Used by search to read public and private data in order to create search indexes. This role must be specified on each feature that search indexes.
widget-admin Used by widget containers to send events alerting widget applications of container changes. The widget-admin role is mapped to the user specified in the remoteHandlerAuthenticationAlias attribute defined in the widgets-config.xml file for the Wikis widget. The installer sets the attribute to the connectionsAdmin alias, and maps the widget-admin role to the user specified in that alias.

Administer all Lotus Connections features

+
Search Tips | Advanced Search

J2EE Role	Description
everyone	Can access public pages without signing in to the feature. There are not many pages that allow everyone to access them. The login page is an example.
person	Can read and write to Activities.
reader	Used exclusively by the Ajax proxy.
search-admin	Used by search to read public and private data in order to create search indexes. This role must be specified on each feature that search indexes.
widget-admin	Used by widget containers to send events alerting widget applications of container changes. The widget-admin role is mapped to the user specified in the remoteHandlerAuthenticationAlias attribute defined in the widgets-config.xml file for the Activities widget. The installer sets the attribute to the connectionsAdmin alias, and maps the widget-admin role to the user specified in that alias.

J2EE Role	Description
admin	Used by the Blogs administrator to manage the Blogs configuration and content.
everyone	Can access public pages without signing in to the feature. The login page is an example.
person	Can read and write to Blogs.
reader	Users in this role have read access to Blogs. If this role is mapped to all authenticated, then it forces all users to log in before they can use Blogs.
search-admin	Used by search to read public and private data in order to create search indexes. This role must be specified on each feature that search indexes.
widget-admin	Used by widget containers to send events alerting widget applications of container changes. The widget-admin role is mapped to the user specified in the remoteHandlerAuthenticationAlias attribute defined in the widgets-config.xml file for the Blogs widget. The installer sets the attribute to the connectionsAdmin alias, and maps the widget-admin role to the user specified in that alias.

J2EE Role	Description
admin	Not used.
dsx-admin	Used by the Communities service extension to read both public and private data.
everyone	Not used.
person	Users in this role can create communities, join a public community, or request to join a moderated community. Communities Atom API creates and updates can only be performed by a user in this role.
reader	Users in this role have read access to Communities. If this role is mapped to "all authenticated", then it forces all users to log in before they can use Communities. This role is also used to restrict access to the Ajax proxy; it is recommended that you set reader to "all authenticated" in a production environment.
search-admin	Used by search to read public and private data in order to create search indexes. This role must be specified on each feature that search indexes.

J2EE Role	Description
admin	Administrative role. No default mappings are defined for this role.
everyone	Users with this role can access public pages without signing in to the feature. The login page is an example. This role should not be modified.
everyone-authenticated	Used to protect login pages and similar items. This role is mapped to "all authenticated" by default and should not be modified.
files-owner	Users with this role have all of the privileges of someone in the person role, but can also upload files. Mapped to "all authenticated" by default. You can apply this role to a subset of people in the person group to limit who can upload files.
person	Users with this role have read and write access to the application. Mapped to "all authenticated" by default. When this role is mapped to "all authenticated," the reader role should be mapped to "everyone."
reader	Users with this role have read-only access to the feature. Mapped to "everyone" by default. When this role is mapped to "everyone," the person role should be mapped to "all authenticated." If this role is mapped to something other than "everyone,' the person and reader roles must have the same mappings.
search-admin	Used by search to read public and private data in order to create search indexes. This role must be specified on each feature that search indexes.
widget-admin	Used by widget containers to send events alerting widget applications of container changes. The widget-admin role is mapped to the user specified in the remoteHandlerAuthenticationAlias attribute defined in the widgets-config.xml file for the Files widget. The installer sets the attribute to the connectionsAdmin alias, and maps the widget-admin role to the user specified in that alias.

J2EE Role	Description
admin	This role is not mapped to any users by default. This role is used to protect the Home page administrative user interface, which allows administrators to register new widgets, and to enable and disable widgets. Users in this role can see a Server metrics link in the Home page footer. Specific administrator user IDs should be mapped to this role, but you should not map this role to the "everyone" or "all authenticated" users.
everyone	Applies to the Home page login page and the service configuration APIs only. This role allows users to access these resources without any authentication. By default, the role is mapped to "everyone" and should not be modified.
person	Used to secure the Home page web user interface. Users must authenticate to access the Home page. Note that the Home page is not designed to work in an unauthenticated fashion, and therefore this role should not be mapped to "everyone". By default, this role is mapped to "all authenticated", which means that all authenticated users can access the Home page. If you need to restrict access to a smaller set of people, modify the mapping of this role as needed.
reader	Defined in the Home page, but not used. This role is mapped to "everyone" by default. Modifying this role has no effect on the Home page.

J2EE Role	Description
admin	Defined in the news repository, but not used. Changing its mapping has no effect on the news repository. This role is not mapped to any users by default.
everyone	This role should not be modified. It is used to define pages which should always be available, such as the login page.
person	Used to secure the Atom APIs for top or saved stories. Users must authenticate to access those APIs. By default, this role is mapped to "all authenticated", which means that all authenticated users can access the top and saved stories APIs. To restrict access to a smaller set of people, modify the mapping of this role.
reader	Applies to public Atom APIs. This role allows users to access these resources without authenticating. By default, the role is mapped to everyone. Modifying this role limits access to the public APIs. For instance, mapping this role to AllAuthenticated requires users to log in when accessing public Atom APIs.