Role blocks for resources

Role blocks prevent inheritance and propagation through the resource hierarchy. This topic describes role blocks and provides examples of how role blocks affect resources.


Role blocks

There are two types of role blocks:
Inheritance blocks


Propagation blocks

Inheritance blocks and propagation blocks are similar in that they prevent parent resources from affecting child resources. You apply inheritance blocks to prevent parent resources from affecting only specific child resources. You apply propagation blocks to prevent parent resources from affecting all child resources.

Role blocks apply to specific resources. For example, the Market News page is the parent of the Europe Market News page and the USA Market News page. An inheritance block exists for the Editor role on the Europe Market News page. No inheritance blocks exist for the USA Market News page. All users with the Editor role on the Market News page (Editor@Market News Page) inherit the Editor role for the USA Market News page (Editor@USA Market News Page), but do not inherit the Editor role for the Europe Market News page.

Role blocks apply to specific roles. For example, an inheritance block exists for the Editor role on the Europe Market News page. This role block prevents the Europe Market News page from acquiring any Editor role assignments from the Market News page. However, this role block does not affect inheritance of other roles. For example, no inheritance blocks exist for the Manager role. For this reason, all users with the Manager role on the Market News Page (Manager@Market News Page) inherit the Manager role on the Europe News Page (Manager@Europe Market News Page).


Create and deleting role blocks

Use the following to create and delete role blocks:


XML configuration interface


Portal scripting interface


User and Group Permissions portlet


Resource Permissions portlet

For example, a user named Mary has the Administrator role on the Market News page (Administrator@Market News Page). The Market News page is the parent of the USA News Page. Mary automatically has the Administrator role on the USA Market News Page (Administrator@USA Market News Page) if you do not create a role block with the XML Configuration Interface.

All roles, including Administrator and Security Administrator, are automatically blocked for the following:

For example, WebSphere Portal controls access to the Market News page. IBM Tivoli Access Manager controls access to the USA Market News page. This scenario is one in which an externalized resource, the USA Market News page, has an internal parent resource, the Market News page. In this scenario, the USA Market News Page, the child, does not inherit roles from the Market News Page, the parent. For this reason, if a user named Mary has the Editor role on the Market News Page (Editor@Market News Page), she does not automatically get the Editor role on the USA Market News page (Editor@USA Market News Page).


Parent

Resources

 


+

Search Tips   |   Advanced Search