Access to applications and components
Specify user access to composite applications, application pages, and application components by customizing the default membership roles that are initially displayed in the Roles portlet: Administrators and Users.
The hierarchy of objects
Use the Roles portlet to view, create, edit, and delete the membership roles for a composite application. When you create or edit application membership roles, you specify the levels of access that members in the role have to work with the application (including editing the application and managing its membership), its pages, and its components:
- composite application
- all application pages
- application components
Application access
All members of a composite application can view and use application pages, regardless of their assigned roles. For each role that you define for an application, you can choose one or both of the following additional permissions for Application Access Settings:
- Also allow members of this role to edit the application.
- Also allow members of this role to manage the membership of the application.
Therefore, all application membership roles are derived from one of three application role types used by portal access control:
- Application manager
- The membership role permits editing the application and managing the membership of the application.
- Application membership manager
- The membership role permits managing the membership of the application. The role does not permit editing the application.
- Application user
- The membership role permits using the application. The role does not permit any level of manager access.
The name of an application membership role does not always imply the permission provided by the underlying application role type. To verify the precise level of access that an application membership role provides, open the Roles portlet in the application: From the application page menu, click Manage Application Roles.
The following table describes the access levels that are available for an application based on the default membership roles, Administrators and Users. You create new membership roles for an application by customizing these predefined roles.
Object Default Membership Role Default Access Provided Application
Administrators
Administrators own the application (Application Owner).
By default, this role grants the additional permission Also allow members of this role to edit the application; this option provides Application Manager access to the application.
By default, this role also grants the permission Also allow members of this role to manage the membership of the application; this option provides Membership Manager access.
Users
Users can view all pages of the application and use the application components according to the specified component access levels.
If Users have permission to use application templates, they can also create applications from templates.
By default, Users do not have the additional access to edit the application and its pages and to manage application membership. You can specify these additional access levels when you customize this membership role.
Pages and components access
Application users will be able to work with all application pages and each application component according to the level of access that you select in the Pages and Components Access Settings table of the Roles portlet. The default application membership roles provide the access levels shown in the following table:
Object Default Membership Role Default Access Provided All Application Pages
Administrators (Can edit the application and control membership)
Users (Can use the application)
Manager (Managers are allowed to create, edit, and delete shared resources.)
User (Users are allowed to view portal content.)
application component (portlet)
Administrators
Users
Manager (Managers are allowed to create, edit, and delete shared resources.)
No access (Cannot access the portlet)
When you create application roles, you change the default settings and select the level of access that you want application users to have when working with all application pages and particular application components. The levels of access that are available for selection are the portal roles that control access rights to portal resources:
- No Access
- Administrator
- Security Administrator
- Delegator
- Manager
- Editor
- Contributor
- Privileged User
- User
To make your selection easy, each access level includes a description next to the portal role name: for example, Editor (Editors are allowed to create and edit shared resources).
Parent topic:
User access to templates and applications
Related tasks
Work with instances of composite applications