close

Filter

loading table of contents...

Content Server Manual / Version 2401

Table Of Contents

3.15.2 User Rights Management

CoreMedia CMS provides a fine grained access control which respects group memberships, the folder structure and the resource type hierarchy. Some term definitions are necessary to explain user rights management in more detail:

  • Resource: A resource is a content item or folder in the CM repository.

  • Resource type: A resource type defines the fields and the field types of a resource.

  • Folder type '+': Internally, the folder type is stored as the value "+".

  • User: Users may operate on resources, if they have sufficient rights. A user is member of one or more groups.

  • Group: A group can have users and other groups as members. A group that is member of another group is called a subgroup. A group that has a group as its member is called a super group.

  • Right: A right is a permission type. Each right allows only some sorts of resource operations. The following table lists the different rights and the possible resource operations:

  • Rights flag: The rights flag is used, for example, in the dumpusers tool to show the applied rights in a short way.

You will edit rights in Studio (see Section 3.5, “Managing Users and Groups” in Studio User Manual). There, the denomination of rights is slightly different from the UAPI names. Table 3.59, “User rights” shows both versions.

Right

Studio notation

Rights Flag

Description

READ

READ

R

Read content names, content items content and folder names

WRITE

EDIT

M

Create, check out, check in, rename, move and save content items.

DELETE

DELETE

D

Mark and unmark a content item for deletion, move an item to trash. For technical reasons, you cannot attach the DELETE right to a folder. Instead, the DELETE right has implicitly the same value as the EDIT right.

APPROVE

APPROVE

A

Approve, disapprove, approve place, disapprove place a content item or folder

PUBLISH

PUBLISH

P

Publish a resource

SUPERVISE

SUPERVISE

S

Check in or uncheckout a content item from a different user, grant new rights

Table 3.59. User rights


  • Rule: A rule defines a right on a resource of a certain resource type. A rule is granted not to a user but to a group. A user must be a member of a group to get the rights of the group. So a rule consists of a group, a resource, a resource type and a right parameter. Formally a rule is a four-tuple

  • r = (gr,rs,rt,rg)  from (GROUPS x RESOURCES x RESOURCETYPES x RIGHTS)

  • where

  • GROUPS is the set of groups

  • RESOURCES is the set of resources

  • RESOURCETYPES is the set of resource types and the folder type

  • RIGHTS is one of (READ, EDIT, DELETE, APPROVE, PUBLISH, FOLDER, SUPERVISE)

Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.