Item security

Item security

+

Search Tips | Advanced Search

Use access controls on IWWCM items to determine what level of access as user or group has to an item, and who has access to an item on the live Web site.
Various levels of access can be given to Web Content Management items.
Profiling to personalize a site is different from using security to limit what items a user can access. In a profile based personalized site, although a user may not be able to access all the pages using personalized menus, they may still be able to access other pages by using navigators, or by searching for content. In a secured site, a user can only view items that they have been granted access to.
Item Security is set in the Security section of item forms.

Read Allows a user or group to:

View an item in the Authoring Portlet.

View an item in the rendered Web site.

Edit Allows a user or group to:

Edit an item.

View an item in the Authoring Portlet.

View an item in the rendered Web site.

Delete Allows a user or group to:

Delete an item.

Edit an item.

View an item in the Authoring Portlet.

View an item in the rendered Web site.

Workflow security

Users and groups can also be given different access levels during a workflow stage. (These are specified in the properties section of the workflow stage, not the security section.) Workflow security uses the same levels as item security with the addition of "approve".

Approve Allows a user or group to:

Approve an item within a workflow.

View an item in the Authoring Portlet.

View an item in the rendered Web site.

The access that is set in security section does not overrule access rights set in a workflow stage or vice versa. This means that if a user has only Read access to an item, but Edit/Read access in a workflow stage, they will be able to edit the item during that workflow stage. In most cases, the minimum level of security should be set at the item level. Additional access can then be granted within different workflow stages.

Where security is set

When a new item is created, the creator is automatically given full access to the item; live, read, edit and delete. If an item is participating in a workflow, these security settings are only applied to the first stage of a workflow.

Viewing an item's security settings

The following sections are displayed on the security section of each item.

User-Defined If the item is not participating in a workflow, the user can edit access under user-defined.

A user only has access to edit user-defined access up to the same level as the user-defined access they have for that item. For example, A user with Read access can edit the user-defined security for Live and Read access, but not for Edit or Delete access.
Workflow If an item is participating in a workflow, then the user-defined option does not appear and the workflow settings are displayed. This cannot be edited. Workflow-defined access is set in workflow stages.
System-Defined Administrators can edit user access to an item at any time by changing the system-defined settings.
Effective The absolute access to an item is displayed under Effective. This displays the cumulative security of user-defined plus Workflow-defined plus system-defined.

Restricting access to anonymous or authenticated users

When accessing a Web Content Management Web site or rendering portlet, users login as either anonymous users, or authenticated portal users.
The following user and groups can granted access to items.

anonymous portal user Select this user to grant access to anonymous users
[all authenticated portal users] Select this group to grant access to users that have been authenticated by Member Manager.
[all users] Select this group to grant access to all users.

The access required to view a rendered item

To view an item on a rendered page, we need the following:

You need at least read access to the presentation template used to display the current content item.

You need at least read access to every item in the path to the current content item:

library/site/site area/content item

You need at least read access to every item in the path to any elements or components referenced in the presentation template:

library/component

library/site/element

library/site/site area/element

library/site/site area/content item/element

These paths do not need to be the same as the path to the current content item.

There must be a valid template map.

Parent Topic
Develop an access control strategy

User-Defined	If the item is not participating in a workflow, the user can edit access under user-defined. A user only has access to edit user-defined access up to the same level as the user-defined access they have for that item. For example, A user with Read access can edit the user-defined security for Live and Read access, but not for Edit or Delete access.
Workflow	If an item is participating in a workflow, then the user-defined option does not appear and the workflow settings are displayed. This cannot be edited. Workflow-defined access is set in workflow stages.
System-Defined	Administrators can edit user access to an item at any time by changing the system-defined settings.
Effective	The absolute access to an item is displayed under Effective. This displays the cumulative security of user-defined plus Workflow-defined plus system-defined.

anonymous portal user	Select this user to grant access to anonymous users
[all authenticated portal users]	Select this group to grant access to users that have been authenticated by Member Manager.
[all users]	Select this group to grant access to all users.