Content Server Manual / Version 2406.0
CoreMedia CMS provides fine-grained access control which respects group memberships, the folder structure and the resource type hierarchy. Some term definitions are necessary to explain user rights management in more detail:
Resource: A resource is a content item or folder in the CM repository.
Resource type: A resource type defines the fields and the field types of a resource.
Folder type '+': Internally, the folder type is stored as the value "+".
User: Users may operate on resources if they have sufficient rights. A user is a member of one or more groups.
Group: A group can have users and other groups as members. A group that is a member of another group is called a subgroup. A group that has a group as its member is called a super group.
Right: A right is a permission type. Each right allows only some sorts of resource operations. The following table lists the different rights and the possible resource operations:
Rights flag: The rights flag is used, for example, in the dumpusers tool to show the applied rights in compact form.
You edit rights in Studio (see Section 3.5, “Managing Users and Groups” in Studio User Manual). There, the names of the rights differ slightly from the UAPI names. Table 3.59, “User rights” shows both versions.
Right | Studio notation | Rights Flag | Description |
---|---|---|---|
READ | READ | R | Read content names, content items content and folder names |
WRITE | EDIT | M | Create, check out, check in, rename, move and save content items. |
DELETE | DELETE | D | Mark and unmark a content item for deletion, move an item to trash. For technical reasons, you cannot attach the DELETE right to a folder. Instead, the DELETE right has implicitly the same value as the EDIT right. |
APPROVE | APPROVE | A | Approve, disapprove, approve place, disapprove place a content item or folder |
PUBLISH | PUBLISH | P | Publish a resource |
SUPERVISE | SUPERVISE | S | Check in or uncheckout a content item from a different user, grant new rights |
Table 3.59. User rights
Rule: A rule defines a right on a resource of a certain resource type. A rule is granted not to a user but to a group. A user must be a member of a group to get the rights of the group. So a rule consists of a group, a resource, a resource type and a right parameter. Formally a rule is a four-tuple
r = (gr,rs,rt,rg) from (GROUPS x RESOURCES x RESOURCETYPES x RIGHTS)
where
GROUPS is the set of groups
RESOURCES is the set of resources
RESOURCETYPES is the set of resource types and the folder type
RIGHTS is one of (READ, EDIT, DELETE, APPROVE, PUBLISH, FOLDER, SUPERVISE)
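
The following sketch is an added example, not CoreMedia code: it models rules as the four-tuple above, decodes rights flags using Table 3.59, and lists which users end up holding a given right, which is useful when reviewing who can SUPERVISE (and therefore grant new rights). Assumptions: flags are written as a string of flag letters, rules granted to a super group also apply to members of its subgroups, the DELETE note in the table applies to rules whose resource type is the folder type "+", and all group, user, path and type names are constructed. It does not evaluate the folder structure or the resource type hierarchy.

```python
from collections import namedtuple

# Rights flags and Studio names as listed in Table 3.59.
FLAGS = {"R": "READ", "M": "EDIT", "D": "DELETE",
         "A": "APPROVE", "P": "PUBLISH", "S": "SUPERVISE"}
FOLDER_TYPE = "+"  # internal value of the folder type

# A rule is the four-tuple (group, resource, resource type, rights).
Rule = namedtuple("Rule", "group resource rtype flags")

def decode(rule):
    """Expand a rule's flag string into Studio right names."""
    unknown = set(rule.flags) - set(FLAGS)
    if unknown:
        raise ValueError(f"unknown rights flag(s): {sorted(unknown)}")
    rights = {FLAGS[f] for f in rule.flags}
    if rule.rtype == FOLDER_TYPE:
        if "DELETE" in rights:
            raise ValueError("DELETE cannot be attached to a folder")
        if "EDIT" in rights:  # on folders DELETE implicitly follows EDIT
            rights.add("DELETE")
    return rights

def groups_of(user, members):
    """All groups a user belongs to, directly or through nested groups.
    Assumption: super-group rules also apply to subgroup members."""
    found, frontier = set(), {user}
    while frontier:
        frontier = {g for g, ms in members.items()
                    if ms & frontier and g not in found}
        found |= frontier
    return found

def holders(right, rules, members, users):
    """Map each user holding `right` to the rules that grant it."""
    out = {}
    for u in users:
        gs = groups_of(u, members)
        hits = [r for r in rules if r.group in gs and right in decode(r)]
        if hits:
            out[u] = hits
    return out

# Constructed sample data (hypothetical names, not from a real repository).
MEMBERS = {"editors": {"alice", "site-managers"},
           "site-managers": {"bob"}, "admins": {"carol"}}
RULES = [Rule("editors", "/Sites", "+", "RM"),
         Rule("site-managers", "/Sites", "Article", "RMDAP"),
         Rule("admins", "/", "+", "RMAPS")]
```

Calling `holders("SUPERVISE", RULES, MEMBERS, ["alice", "bob", "carol"])` returns only the users who reach a SUPERVISE rule, together with the rules responsible.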