Portal, Express Beta Version 6.1 Operating systems: i5/OS, Linux,Windows

Membership principles

Understanding the principles that govern membership for composite applications is important for assigning access to applications and components, managing application membership roles, and learning how role-based access affects application users ability to work with composite applications.

The following principles govern membership and role assignment in composite applications. The default roles for application members, Administrators and Users, are the basis for all new roles that you create for application members. Composite applications are a portal resource type; therefore, application membership roles derive from the role types that provide access control for portal resources.

• An application must have at least one membership role defined for it that corresponds to Administrators. Therefore, the last role in an application that provides manager permissions to the application, its membership, its pages, and the components on each page cannot be deleted.
• A role that is based on Administrators requires at least one member. Therefore, the last member remaining in a role that provides manager permissions cannot be removed from that role.
• A template or application owner is the individual who created the template or application. Template and application owners can change their ownership roles. That is, they can assign another user to become the owner of the template or application.
• Application members maintain the access levels to the application, its pages, and the components on each page according to the membership roles to which they are assigned.
• All authenticated users can be assigned membership to an application in a role that corresponds to Users. All authenticated users cannot be assigned membership in a role that corresponds to Administrators. That is, when application managers choose to Give All Users Access as User role for the application, the selection list only shows membership roles that correspond to Users.
• Users can be given membership as individuals or as a group. If users have been assigned application membership as individuals and as part of a group and group membership is canceled, the individual members still have access to the application. Conversely, if users have been assigned application membership as individuals and as part of the group and their membership as individuals is canceled, they still have membership in the application as a member of the group.
• When membership as an individual and as part of a group results in the user having more than one role, the role providing the highest level of access prevails.