Membership principles for composite applications

Portal, V6.1

Membership principles

Understanding the principles that govern membership and role assignment in composite applications is important for assigning access to applications and components and managing application membership. These principles will help you learn how role-based access affects the ability of users to work with applications.
The default roles for application members, Administrators and Users, are the basis for all new roles that you create for application members. Composite applications are assembled from the portal resource types Application Template Categories and Application Templates. Therefore, application membership roles derive from the role types that provide access control for these portal resources.

An application must have at least one membership role defined for it that corresponds to Administrators. Therefore, the last role in an application that provides Manager or higher-level access to the application, its membership, its pages, and the components on each page cannot be deleted.
A role that is based on Administrators requires at least one member. Therefore, the last member remaining in a role that provides Manager or higher-level access cannot be removed from that role.
A template or application owner is the individual who created the template or application. Template and application owners can change their ownership roles. That is, they can assign another user to become the owner of the template or application. New owners of templates and applications automatically become application members if they were not already members.
Application members maintain the access levels to the application, its pages, and the components on each page according to the membership roles to which they are assigned.
All authenticated users can be assigned membership to an application in a role that corresponds to any of the roles defined for the application, including roles based on the default role for Administrators.
Users can be given membership as individuals or as a group.

If users have been assigned application membership as individuals and as part of a group and group membership is canceled, the individual members still have access to the application.
Conversely, if users have been assigned application membership as individuals and as part of the group and their membership as individuals is canceled, they still have membership in the application as a member of the group.
When membership as an individual and as part of a group results in the user having more than one role, the role providing the highest level of access prevails.

Parent topic
Application membership