WebSphere

 

Portal Express, Version 6.0
Operating systems: i5/OS, Linux, Windows

 

Item security

 


 

You use access controls on IBM® Workplace Web Content Management items to determine what level of access a user or group has to an item, and who has access to an item on the live Web site.

Various levels of access can be given to WCM items.

Read Allows a user or group to:

  • View an item in the Authoring Portlet.
  • View an item in the rendered Web site.

Edit Allows a user or group to:

  • Edit an item.
  • View an item in the Authoring Portlet.
  • View an item in the rendered Web site.

Delete Allows a user or group to:

  • Delete an item.
  • Edit an item.
  • View an item in the Authoring Portlet.
  • View an item in the rendered Web site.

 

Creating new items

The ability to create new items is determined by a user's role within a library.

Profiling versus security

Using profiling to personalize a site is different from using security to limit what items a user can access. In a profile-based personalized site, a user may not be able to reach every page through personalized menus, but they may still be able to reach other pages by using navigators or by searching for content. In a secured site, a user can only view items that they have been granted access to.

 

Workflow defined item security

Users and groups can also be given different access levels to an item in a workflow stage. (These are specified in the properties section of the workflow stage, not the security section.) Workflow security uses the same levels as item security with the addition of "approve".

Approve Allows a user or group to:

  • Approve an item within a workflow.
  • Create drafts of published items.
  • View an item in the Authoring Portlet.
  • View an item in the rendered Web site.

 

Published items and workflow defined item security

 

Viewing an item's security settings

The following sections are displayed on the security section of each item.

User-Defined If the item is not participating in a workflow, the user can edit access under user-defined.

A user only has access to edit user-defined access up to the same level as the user-defined access they have for that item. For example, a user with Read access can edit the user-defined security for Read access, but not for Edit or Delete access.

Workflow If an item is participating in a workflow, then the user-defined option does not appear and the workflow settings are displayed. These settings cannot be edited here. Workflow-defined access is set in workflow stages.

System-Defined Administrators can edit user access to an item at any time by changing the system-defined settings.

Effective The absolute access to an item is displayed under Effective. This displays the cumulative security of user-defined plus workflow-defined plus system-defined settings.

 

How security is set

When a new item is created, the creator is automatically given delete access to the item. Additional user and group security can be added in the user-defined and system-defined settings.

If an item is participating in a workflow, the creator is given delete access to the item only in the first workflow stage. As the item progresses through a workflow, the item security is determined by the combined workflow and system defined security.

Sources of access for each security level, by workflow state:

Read
  • No workflow: User defined, System defined
  • 1st workflow stage: System defined, Workflow defined
  • Additional workflow stages: System defined, Workflow defined

Edit
  • No workflow: User defined, System defined
  • 1st workflow stage: System defined, Workflow defined
  • Additional workflow stages: System defined, Workflow defined

Delete
  • No workflow: User who created item, User defined, System defined
  • 1st workflow stage: User who created item, System defined, Workflow defined
  • Additional workflow stages: System defined, Workflow defined

Approve
  • No workflow: Not applicable
  • 1st workflow stage: Workflow defined
  • Additional workflow stages: Workflow defined
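The rules above (which sources count at each stage, the creator's automatic delete access, and the level hierarchy) can be modelled to review who effectively holds what. This is an added example, not IBM WCM code; the function, stage keys and principal names are hypothetical, and group membership is assumed to be resolved already.

```python
# Added illustration of the rules on this page; not IBM WCM code.
ORDERED = ["read", "edit", "delete"]  # each level includes the ones before it

# Which sources count in each column of the table above.
SOURCES = {
    "no_workflow": {"creator", "user", "system"},
    "first_stage": {"creator", "system", "workflow"},
    "later_stage": {"system", "workflow"},
}

def effective_access(principal, item, stage):
    """Return the levels `principal` effectively holds on `item` at `stage`."""
    active = SOURCES[stage]
    granted = set()
    for source in ("user", "system", "workflow"):
        if source not in active:
            continue
        for level, members in item.get(source, {}).items():
            if principal in members:
                granted.add(level)
    if "creator" in active and item.get("creator") == principal:
        granted.add("delete")  # the creator is automatically given delete access
    effective = set()
    for level in granted:
        if level == "approve":
            effective |= {"approve", "read"}  # approvers can also view the item
        else:
            effective |= set(ORDERED[: ORDERED.index(level) + 1])
    return effective

# Constructed sample item; principal names are hypothetical.
ITEM = {
    "creator": "alice",
    "user": {"edit": {"bob"}},
    "system": {"read": {"auditors"}},
    "workflow": {"read": {"bob"}, "approve": {"carol"}},
}

if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "auditors"):
        for stage in SOURCES:
            print(who, stage, sorted(effective_access(who, ITEM, stage)))
```

In this sample the creator holds delete access through the first workflow stage and nothing afterwards, because later stages count only workflow-defined and system-defined grants.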

 

Restricting access to anonymous or authenticated users

When accessing a WCM Web site or rendering portlet, users log in as either anonymous users or authenticated portal users.

The following user and groups can be granted access to items.

anonymous portal user Select this user to grant access to anonymous users.
[all authenticated portal users] Select this group to grant access to users that have been authenticated by Member Manager.
[all users] Select this group to grant access to all users.

 

The access required to view a rendered item

To view an item on a rendered page, you need the following. These settings are especially important to review when setting anonymous user access to public pages.

  1. Read access to the presentation template used to display the content item.

  2. Read access to every item in the path to the content item:

    • library/site/site area/content item

  3. Read access to every item in the path to any elements or components referenced in the presentation template:

    • library/component
    • library/site/element
    • library/site/site area/element
    • library/site/site area/content item/element

    These paths do not need to be the same as the path to the content item.

  4. Read access to Web Content Libraries. For example, to render WCM content on a public page, go to...

    Administration | Portal Content | Web Content Libraries

    ...and assign User role to anonymous user access for your library.

  5. Read access to portlets. For example, to render WCM content on a public page, go to...

    Administration | Portlet Management | Portlets

    ...and assign User role to anonymous user access for the Web Content Viewer portlet.

  6. There must be a valid template map (there usually is). For more info, see...
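Requirements 1 to 5 can be checked together before a page is made public. The sketch below is an added example, not IBM WCM code: it reports every grant a principal is missing, using constructed ACL data and hypothetical item names, and it assumes the library is covered by its User role (step 4) rather than by an item-level Read entry. The template map in step 6 is not modelled.

```python
# Added illustration of the render checklist above; not IBM WCM code.
def items_on_path(path):
    """'lib/site/area/item' -> every item below the library on that path.
    The library itself is checked separately through its User role."""
    parts = path.split("/")
    return ["/".join(parts[:i]) for i in range(2, len(parts) + 1)]

def render_gaps(principal, content_path, template, referenced,
                read_acl, library_users, viewer_portlet_users):
    """List what `principal` still lacks in order to view the rendered item."""
    gaps = []
    needed = [template] + items_on_path(content_path)       # steps 1 and 2
    for ref in referenced:                                   # step 3
        needed += items_on_path(ref)
    for item in dict.fromkeys(needed):                       # de-duplicate, keep order
        if principal not in read_acl.get(item, set()):
            gaps.append("no Read on " + item)
    paths = [content_path, template] + list(referenced)
    for lib in dict.fromkeys(p.split("/")[0] for p in paths):  # step 4
        if principal not in library_users.get(lib, set()):
            gaps.append("no User role on library " + lib)
    if principal not in viewer_portlet_users:                # step 5
        gaps.append("no User role on Web Content Viewer portlet")
    return gaps

# Constructed sample data; library and item names are hypothetical.
ANON = "anonymous portal user"
READ_ACL = {
    "weblib/article-template": {ANON},
    "weblib/site": {ANON},
    "weblib/site/news": {ANON},
    "weblib/site/news/launch": {ANON},
    "weblib/footer": set(),  # component referenced by the template, not yet public
}
LIBRARY_USERS = {"weblib": {ANON}}

if __name__ == "__main__":
    for gap in render_gaps(ANON, "weblib/site/news/launch", "weblib/article-template",
                           ["weblib/footer"], READ_ACL, LIBRARY_USERS, set()):
        print(gap)
```

An empty result means the item-level, library and portlet grants are all in place for that principal; a missing Read on a referenced component is the kind of gap the note under step 3 warns about, since those paths differ from the content item's own path.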

 
