Page tree
Skip to end of metadata
Go to start of metadata

A user is an account that identifies the person accessing Magnolia. In addition to a user name, Magnolia stores the user's full name, password, email address as well as language and timezone preferences. Users inherit their permissions from the groups and roles the are attached to. You can edit users in the Security app.

Types of users

 

Type

Example

Users

People who work on site content such as authors, editors and publishers.

System users

Administrative accounts with permissions to configure Magnolia, install new modules and create new templates, for example.

Public users

End users or visitors of the site. They can be registered through the Public User Registration (PUR) module. Registering visitors allows you to provide them with personalized content such as members-only sections of the site, newsletters and mailing lists.

Editing a user profile

Edit user preferences in the Security app.

A logged-in user can set their own preferences by clicking the Edit user profile action in the top right corner.

Editing user profiles

As a system user, you can edit user profiles in the Security app (except for the timezone preference).

Users can edit their own profile settings, including language and timezone preferences, by clicking the Edit user profile action in the top right corner.

The timezone set in the user preferences is used in the Magnolia apps. 

Magnolia continues to record events such as page creation using the host server time. The recorded time is converted and displayed in the user's preferred time zone.

The user must log out and log back in again to see the updated timezone information in Magnolia.

Organizing users

In Magnolia, users are organized as follows:

  • Users can have both roles and groups.
  • Groups can have groups and roles.
  • Roles can have only Access Control Lists (ACLs). 

Permissions are defined in the ACL. Users inherit permissions from the roles and groups assigned to them.

In a small site you can manage users and groups in Magnolia. On a larger site (hundreds of users), it is better to manage users and groups in an enterprise-grade user management infrastructure such as Microsoft Active Directory. You would define roles and ACLs in Magnolia but manage users and groups in the external system.

Get a list of all permissions assigned to a user or group in the Tools tab of the Security app.

Automatic lockout

Automatic lockout is a security precaution that prevents users from accessing Magnolia after a number of failed login attempts.

By default, the lockout is triggered, and the account is automatically disabled by a minimum of N+1 failed login attempts. The number of failed attempts is configurable. When a non-existent username is entered lockout does not occur as the account does not exist. The lockout applies to system users and admin users but does not affect public users. After lockout, an administrator can re-enable the user account by checking the Enabled box in the user profile. When a lockout occurs, this checkbox is cleared.

The number of failed login attempts N that will trigger lockout is configurable using the property maxFailedLoginAttempts at Configuration > /server/security/userManagers/system and /admin. Different values may be set for Users and Systems Users.

Node name

Value

 server

 

 security

 

 userManagers

 

 system

 

 class

info.magnolia.cms.security.SystemUserManager

 lockTimePeriod

0

 maxFailedLoginAttempts

5

 realmName

system

 admin

 

 class

info.magnolia.cms.security.MgnlUserManager

 lockTimePeriod

0

 maxFailedLoginAttempts

5

 realmName

admin

Properties:

allowCrossRealmDuplicateNames

optional , default is false

Allows duplicate usernames in different realms. Only applicable to admin realm.

class

required

A class that implements the UserManager interface.

Implementations:

  • info.magnolia.cms.security.MgnlUserManager manages users stored in Magnolia.
  • info.magnolia.cms.security.ExternalUserManager manages JAAS users.
  • info.magnolia.cms.security.HierarchicalUserManager is a variation of MgnlUserManager that stores users hierarchically using the structure /<path>/<first letter of username>/<first two letters of username> such as /public/j/js/jsmith.
  • info.magnolia.cms.security.DelegatingUserManagerretrieves the user's ACLs.
  • info.magnolia.cms.security.SystemUserManager manages system users such as anonymous and superuser .
disableCache

optional , default is false

Allows to disable caching if set to true .

realmName

required

Realm name corresponding to JAAS login configuration.

  • No labels