Define roles within a library

Define roles within a library

+
Search Tips | Advanced Search

Additive and subtractive methodology

You can assign roles to both a whole library, and the item types within a library using either an additive or subtractive methodology.
For example, with an additive methodology, you apply the "All Authenticated Portal Users" to the "Contributor" role to the entire library. This will give "All Authenticated Portal Users" access to the library and any authoring portlets configured to use the library. You then apply Editor, Manager or Administrator roles to specific resource types to grant additional access to specified users or groups.
With a subtractive methodology, you apply the Manager or Administrator role to a user or group to the entire library. You then apply Editor, Contributor or User roles to specific item types and deselect the inheritance check-box. This reduces the access to different item types for specified users or groups.
We recommend that propagation from the Web content library is enabled because this will simplify administrating library access and because disabling propagation will result in access related errors.

Assign access permissions to a library and library item types

Open the administration portlet.
Go to...
Portal Content | Manage Web Content Libraries

Set your library access permissions:

Click on the library you would like to edit.
Click on the role you would like to edit.
Click Add and search for any users or groups you would like to assign to a role.
Click OK.
Click Resources to return to the previous view.
Click Done.

Set access permissions to the different library item types. This defines the views and actions that are available from within the authoring portlet:

Click on the library you would like to edit.
Click on the role you would like to edit.
Click Add and search for any users or groups you would like to assign to a role.
Click OK.
Click Resources to return to the previous view.
Click Done.

Roles

You assign users and groups to the following roles:

Roles Rendering and authoring portlet access rights
User Users and groups assigned to this role can:

view items in a Web site or rendering portlet that they have been assigned user access to.

The simplest way to assign users to this role is to select any of the default user groups such as "All Authenticated Portal Users" or "Anonymous Portal User". Users will still require "user" access to an item before it will be rendered in a Web site or rendering portlet.
Contributor Users and groups assigned to this role can:

view items in a rendering portlet or servlet-rendered web site that they have been assigned user access to.
view libraries that they have been assigned contributor access to in an authoring portlet.
access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned contributor access to.
access the item type view within the authoring portlet for item types that they been assigned user access to.

Editor

view items in a rendering portlet or servlet-rendered web site that they have been assigned user access to.
view libraries that they have been assigned contributor access to in an authoring portlet.
access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned contributor access to.
for library item types that user and groups have been assigned editor access to, editors can access the following actions in the authoring portlet:

access the item type view
create a new item
add/remove links
apply authoring template
copy
delete
edit
link to
move

Manager Users and groups assigned to these roles can:

view items in a rendering portlet or servlet-rendered web site that they have been assigned user access to.
view libraries that they have been assigned contributor access to in an authoring portlet.
access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned contributor access to.
for library item types that they have been assigned manager access to, managers can access the all of the actions available to editors and also the following actions in the authoring portlet:

edit access settings
next stage
purge
unlock
edit user profile

Administrator Users and groups assigned to these roles can:

view items in a rendering portlet or servlet-rendered web site that they have been assigned user access to.
view libraries that they have been assigned contributor access to in an authoring portlet.
access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned contributor access to.
all actions in the authoring portlet for library item types that they have been assigned administrator access to.

Security Administrator
Delegator
Privileged User These roles have no access to WCM items.

IBM WebSphere Portal Administrators

WebSphere Portal Administrators automatically have Administrator access to all item-types.

Assigning roles to anonymous or authenticated users

When accessing a WCM Web Site or Rendering Portlet, users login as either anonymous users, or authenticated portal users.
The following pre-defined groups can be assigned roles in a library.
Anonymous portal user Select this user to assign a role to anonymous users.
All Authenticated Portal Users Select this group to assign a role to users that have logged on to your server.
Users and User Groups Select this group to assign a role to all users and groups.
All Portal User Groups Select this group to assign a role to all groups.

Item-level security inheritance

By default, each role's access is automatically inherited down to each item in a library. To prevent a user or group from automatically having inherited access to an item, turn off inheritance on that item.
The permissions set for item types in a library do not automatically give you access to individual items. They only give you access to specific tasks and views within the authoring portlet.
To disable automatic inheritance edit...
was_profile_root/PortalServer/wcm/shared/app/config/wcmservices/WCM ConfigService.properties

...and set...
default.inherit.permissions.enabled=false

Restart WebSphere Portal to enable configuration changes.

Parent topic
Work with libraries

Parent topic
Developing an access control strategy

Roles	Rendering and authoring portlet access rights
User	Users and groups assigned to this role can: view items in a Web site or rendering portlet that they have been assigned user access to. The simplest way to assign users to this role is to select any of the default user groups such as "All Authenticated Portal Users" or "Anonymous Portal User". Users will still require "user" access to an item before it will be rendered in a Web site or rendering portlet.
Contributor	Users and groups assigned to this role can: view items in a rendering portlet or servlet-rendered web site that they have been assigned user access to. view libraries that they have been assigned contributor access to in an authoring portlet. access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned contributor access to. access the item type view within the authoring portlet for item types that they been assigned user access to.
Editor	view items in a rendering portlet or servlet-rendered web site that they have been assigned user access to. view libraries that they have been assigned contributor access to in an authoring portlet. access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned contributor access to. for library item types that user and groups have been assigned editor access to, editors can access the following actions in the authoring portlet: access the item type view create a new item add/remove links apply authoring template copy delete edit link to move
Manager	Users and groups assigned to these roles can: view items in a rendering portlet or servlet-rendered web site that they have been assigned user access to. view libraries that they have been assigned contributor access to in an authoring portlet. access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned contributor access to. for library item types that they have been assigned manager access to, managers can access the all of the actions available to editors and also the following actions in the authoring portlet: edit access settings next stage purge unlock edit user profile
Administrator	Users and groups assigned to these roles can: view items in a rendering portlet or servlet-rendered web site that they have been assigned user access to. view libraries that they have been assigned contributor access to in an authoring portlet. access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned contributor access to. all actions in the authoring portlet for library item types that they have been assigned administrator access to.
Security Administrator Delegator Privileged User	These roles have no access to WCM items.

Anonymous portal user	Select this user to assign a role to anonymous users.
All Authenticated Portal Users	Select this group to assign a role to users that have logged on to your server.
Users and User Groups	Select this group to assign a role to all users and groups.
All Portal User Groups	Select this group to assign a role to all groups.