+

Search Tips   |   Advanced Search

Access control for managed pages

Access control for managed pages provides more capabilities than access control for standard portal pages. In addition to the access control features available for pages through portal administration, we can also apply Web Content Manager features, like workflow and syndication, to access_control.

When creating a managed page in the portal, a corresponding page item is created in a web content library. We can view and change access_control settings for a managed page in two ways:

Regardless of the method we use to change an access_control setting, the corresponding element is automatically updated. This synchronization ensures that effective permissions are coordinated between the portal page and the web content page item.


Special considerations

Because managed pages integrate features from portal pages and Web Content Manager, there are special considerations that apply with access_control for managed pages.


Required permissions

The following permissions are required for typical actions with managed pages.

Action Required permission
Access a project view in the site toolbar User on the WCM_REST_SERVICE virtual resource
View a project in the site toolbar

  • User on the WCM_REST_SERVICE virtual resource, in addition to the permissions required to view a specific project

  • User on the selected project

Create a project

  • Contributor on the Portal Site library

  • User on the selected project

Create a draft of a published page by editing the page in a project

  • Editor on the page

  • User on the selected project

Create a draft of a published page with the Create Draft action in the site toolbar.

Create a draft child page under a parent page in a project

  • Contributor or Editor on the parent page

  • User on the selected project

Preview a project

  • Can Run As User on the USERS virtual resource

  • The user that is impersonated requires at least User access to the current portal page. If an anonymous user does not have access to the page, the As Unauthenticated User preview option is not available in the site toolbar. In addition, if we select the As User preview option, we cannot select users that do not have access to the page.

  • User on the selected project

    By default only users and unauthenticated users that have explicit access to the project can preview the project. We can globally assign access for users or unauthenticated users to view all items in all libraries and projects in a specific virtual portal or the default virtual portal. To assign these rights, use the Set root access setting in the library administration portlet (Administration > Portal Content > Web Content Libraries).

Create web content by adding web content viewer to a page. The viewer is configured to create and render content from a web content library.

  • Editor on the page

  • User on the viewer portlet

  • No library permissions are enforced.

Perform inline editing of content on a page

  • Editor on the page

  • Appropriate permissions on the library containing the content

For the required permissions for portal pages and web content items, see Access permissions for portal pages and User roles and access for web content items.

The default set of access_control permissions for anonymous users and for members of the All Authenticated Users group are described in Initial Access Control Settings. With managed pages, the following default permissions exist:

To modify a portal page or page item, you require only those permissions that are needed to perform the action from the user interface or programming API. You do not also require permissions for the underlying synchronization actions that take place automatically. These automatic updates are performed with system privileges.

For example, we might add a portlet to a page using the site toolbar. In this case, you require sufficient permissions on the page that we are editing and on the portlet that we are adding. However, you do not need additional permissions for the internal updates to the corresponding items in the web content library.


Approver role for creating draft pages

With managed pages, we can use a workflow to enable business users to create draft versions of pages that they are normally not allowed to edit. By using a workflow in this way, you accomplish two things:

Typically a user with User access to a page has permission only to view the page. But if the user also has Approver access to the corresponding page item in the Portal Site library, the user can create page drafts. When a user has this access, the user can navigate to the portal page and use the site toolbar to create a draft.

To enable business users to create draft pages:

  1. In the Portal Site library, assign a workflow to the page items that correspond to the portal pages you want users to modify. By default, page items are not managed in a workflow.

  2. Edit the publish stage of the workflow, and update the access control properties to add the users to the Approver role.

  3. Edit the initial draft stage of the workflow, and update the access control properties. Add the users to the roles that correspond to the permissions that the users require on the draft pages that they create.


Contributor role for creating child pages

Users with Contributor access to the published version of a page can create child pages under that page. When in edit mode on the parent page, contributors can use the site toolbar to create a child page.


Parent: Administer managed pages

Related:

Workflow and change management