CoreMedia CMS provides a fine grained access control which respects group memberships, the folder structure and the resource type hierarchy. Some term definitions are necessary to explain user rights management in more detail:
Resource: A resource is a content item or folder in the CM repository.
Resource type: A resource type defines the fields and the field types of a resource.
Folder type '+': The folder type is a special value needed to define rules on folders.
User: A user may operate on resources, if he has sufficient rights. A user is member of one or more groups.
Group: A group can have users and other groups as members. A group that is member of another group is called a subgroup. A group that has a group as its member is called a super group.
Right: A right is a permission type. Each right allows only some sorts of resource operations. The following table lists the different rights, the assignable resources (folder or content item) and the possible resource operations:
|
Right |
Assignable to |
Description |
|---|---|---|
|
READ |
Folder, content item |
read content names, content items content and folder names |
|
EDIT |
content item |
create, check out, check in, rename, move and save content items |
|
DELETE |
content item |
mark and unmark a content item for deletion, move an item to trash |
|
APPROVE |
Folder, content item |
approve, disapprove, approve place, disapprove place a content item or folder |
|
PUBLISH |
Folder, content item |
publish a content item or folder |
|
FOLDER |
Folder |
create subfolder, rename, move and delete a folder |
|
SUPERVISE |
content item |
check in or uncheckout a content item from a different user, grant new rights |
Table 3.50. User rights
Rule: A rule defines a right on a resource of a certain resource type. A rule is granted not to a user but to a group. A user must be a member of a group to get the rights of the group. So a rule consists of a group, a resource, a resource type and a right parameter. Formally a rule is a four-tuple
r = (gr,rs,rt,rg) from (GROUPS x RESOURCES x RESOURCETYPES x RIGHTS)where
GROUPS is the set of groups
RESOURCES is the set of resources
RESOURCETYPES is the set of resource types and the special folder type "+"
RIGHTS is one of (READ, EDIT, DELETE, APPROVE, PUBLISH, FOLDER, SUPERVISE)
 |  |  |
 |