Content Server Manual / Version 2110
Table Of ContentsCoreMedia CMS provides a fine grained access control which respects group memberships, the folder structure and the resource type hierarchy. Some term definitions are necessary to explain user rights management in more detail:
Resource: A resource is a content item or folder in the CM repository.
Resource type: A resource type defines the fields and the field types of a resource.
Folder type '+': Internally, the folder type is stored as the value "+".
User: Users may operate on resources, if they have sufficient rights. A user is member of one or more groups.
Group: A group can have users and other groups as members. A group that is member of another group is called a subgroup. A group that has a group as its member is called a super group.
Right: A right is a permission type. Each right allows only some sorts of resource operations. The following table lists the different rights and the possible resource operations:
Rights flag: The rights flag is used, for example, in the dumpusers tool to show the applied rights in a short way.
You will edit rights in Studio (see Section 3.5, “Managing Users and Groups” in Studio User Manual). There, the denomination of rights is slightly different from the UAPI names. Table 3.58, “User rights” shows both versions.
Right |
Site Manager notation |
Rights Flag |
Description |
---|---|---|---|
READ |
READ |
R |
Read content names, content items content and folder names |
WRITE |
EDIT |
M |
Create, check out, check in, rename, move and save content items. In the Site Manager, you cannot directly attach the EDIT right to a folder. You have to use the FOLDER right. |
DELETE |
DELETE |
D |
Mark and unmark a content item for deletion, move an item to trash. In the Site Manager, you cannot directly attach the DELETE right to a folder. You have to use the FOLDER right. |
APPROVE |
APPROVE |
A |
Approve, disapprove, approve place, disapprove place a content item or folder |
PUBLISH |
PUBLISH |
P |
Publish a resource |
FOLDER |
create subfolder, rename, move and delete a folder The FOLDER right only appears in the Site Manager's user management, but not in the Unified API or Studio. It is a visualization of the DELETE and WRITE rights, attached to a folder. Therefore, DELETE and WRITE rights of a folder must always have the same value. | ||
SUPERVISE |
SUPERVISE |
S |
Check in or uncheckout a content item from a different user, grant new rights |
Table 3.58. User rights
Rule: A rule defines a right on a resource of a certain resource type. A rule is granted not to a user but to a group. A user must be a member of a group to get the rights of the group. So a rule consists of a group, a resource, a resource type and a right parameter. Formally a rule is a four-tuple
r = (gr,rs,rt,rg) from (GROUPS x RESOURCES x RESOURCETYPES x RIGHTS)
where
GROUPS is the set of groups
RESOURCES is the set of resources
RESOURCETYPES is the set of resource types and the folder type
RIGHTS is one of (READ, EDIT, DELETE, APPROVE, PUBLISH, FOLDER, SUPERVISE)