Composite Applications - Membership principles
Overview
The following principles govern membership and role assignment in composite applications. The default roles for application members...
- Administrators
- Users
...are the basis for all new roles that you create for application members.
Composite applications are a portal resource type; therefore, application membership roles derive from the role types that provide access control for portal resources.
- An application must have at least one membership role defined that corresponds to Administrators.
The last role in an application that provides manager permissions to the...
- the application
- its membership
- its pages
- its components
...on each page cannot be deleted.
- A role that is based on Administrators requires at least one member.
The last member remaining in a role that provides manager permissions cannot be removed from that role.
- A template or application owner is the individual who created the template or application.
Template and application owners can change their ownership roles. That is, they can assign another user to become the owner of the template or application.
- Application members maintain the access levels to...
- the application
- its pages
- components on each page
...according to the membership roles to which they are assigned.
- All authenticated users can be assigned membership to an application in a role that corresponds to Users.
All authenticated users cannot be assigned membership in a role that corresponds to Administrators.
When application managers choose to...
Give All Users Access as User...role for the application, the selection list only shows membership roles that correspond to Users.
- Users can be given membership as individuals or as a group.
If users have been assigned application membership as individuals and as part of a group and group membership is canceled, the individual members still have access to the application. Conversely, if users have been assigned application membership as individuals and as part of the group and their membership as individuals is canceled, they still have membership in the application as a member of the group.
- When membership as an individual and as part of a group results in the user having more than one role, the role providing the highest level of access prevails.
Parent Topic
Application membership