+

Search Tips   |   Advanced Search

Access control

Use the Portal Access Control (PAC) to control what users can do when they are working with dialogs.

We can assign users the following roles on the virtual resource PCM_DIALOGS:

    Administrator An administrator has the rights and all tasks related to dialogs are done by the administrator.
    Security administrator A security administrator can grant access on dialogs to other users.
    Manager A manager can delete dialog definitions.
    User A user can view a dialog definition and all its transition endpoints and transitions.
    Editor An editor can create or edit a dialog definition. For example, an editor can add or remove transition endpoints or transitions.

These roles settings are inherited.

We can assign users or user groups these roles using the XML configuration interface (xmlaccess). To do so, we can run a script similar to the one shown in code sample 43.

Code sample 43: 

01 <virtual-resource action="update" domain="rel" name="PCM_DIALOGS">
02  <access-control externalized="false" owner="undefined" private="false">
03          <role actionset="User" update="set">
04              <mapping subjectid="all authenticated portal users" subjecttype="user_group" update="set"/>
05          </role>
06  </access-control>
07 </virtual-resource>

Whether a user can process a specific dialog depends on whether the user has sufficient rights on all pages and portlets that are part of the dialog.

We specify access control settings on a dialog definition level. Code sample 44 shows an example.

Code sample 44: 

01 <dialog name="dialog1">
02  <access-control externalized="false" owner="undefined" private="false">
03      <role actionset="User" update="set">
04          <mapping subjectid="uid=wpsadmin,o=defaultWIMFileBasedRealm" subjecttype="USER" update="set"/>
05      </role>
06      <role actionset="Editor" update="set">
07          <mapping subjectid="uid=wpsadmin,o=defaultWIMFileBasedRealm" subjecttype="USER" update="set"/>
08      </role>
09  </access-control>
10  <transition-endpoint name="...">
11      ...
12  </transition-endpoint>
13  <transition>
14      ...
15  </transition>
16 </dialog>

Assign access on a specific dialog definition does not automatically assign access to all artifacts that are part of this dialog definition, such as pages, and portlets.


Parent Advanced concepts