Magnolia 4.5 reached end of life on June 30, 2016. This branch is no longer supported; see the End-of-life policy.


Magnolia is an enterprise-wide solution. Numerous users in varied roles work within the system. While a developer may use Magnolia daily, others may only access it sporadically to update specific content on a website. Users need permissions to access the features that allow them to do their job.

For instance, a Web content editor working with Magnolia needs permissions to view and edit sections of a Website that they are responsible for. They may also need the ability to create new pages and submit changes to a review process.

On the other hand, the end-user level functions are not as crucial to a developer who needs access to Magnolia's configuration options, templates and data types.

Between these extreme examples lie the administrators. Although they may not work in Magnolia often, when they do, they expect access to tools and functionality such as settings, maintenance and security configurations.

The standard installation of Magnolia includes default definitions of roles, groups and users. A sample structure is provided to demonstrate a typical setup and can be adapted using the appropriate features.

Default roles

| Role | Description | ACL |
| --- | --- | --- |
| anonymous | Base role for public, unauthenticated users. | Read permissions to dms, resources, store and expressions workspaces. Note that a user assigned the anonymous role has different access permissions to the website workspace in Author and Public instances. |
| categorization-base | Base role allowing users to read category data type information. | Read permissions to the category data type. |
| contact-base | Base role allowing users to read contact data type information. Sample role for data module. | Read permission to contact data type. |
| demo-project-base | Base role allowing users to access the system from STK point of view. | Read permissions to data and resources workspaces, as well as /templating-kit, dms folder and related paths in config workspace. A user assigned to this role is able to get and post any URL response or request. |
| demo-project-editor | Editor role allowing content editing of demo-project website. | Read and write permissions to related paths in website, dms and data workspaces. |
| demo-project-member | Member role allowing users to access the protected members area based on public user registration module. | Get and post URL permissions to related paths. |
| demo-project-publisher | Publisher role allowing publishing of content in demo-project websites. | Read permissions to related paths in website, dms and data workspaces. |
| forum-base | Base role for features of forum module. | Minimal permissions to read the forum workspace and to get and post forum comments. |
| forum-moderator-base | Base forum moderator role. | In addition to the permissions of forum-base role, users assigned to this role have minimal permissions to access the moderation interface of the forum module in the config workspace. |
| forum-pagecomments-admin | Forum page commenting administrator role. | Administration permissions to the /pagecomments path of forum workspace. |
| forum-pagecomments-moderator | Forum page commenting moderator role. | Moderate and delete permissions to the /pagecomments path of forum workspace. |
| forum-pagecomments-user | Common user role for forum page commenting. | Comment and post permissions to the /pagecomments path of forum workspace. |
| forum_ALL-admin | Role giving administration permissions on ALL forums. | Administration permissions to the / path of forum workspace. |
| forum_ALL-moderator | Role giving moderation permissions on ALL forums. | Moderation permissions to the / path of forum workspace. |
| forum_ALL-user | Role allowing posting in all forums. | Post (Write) permissions to the / path of forum workspace. |
| imaging-base | Base role allowing users to read and generate images using imaging module. | Read and write permissions to the imaging workspace. |
| public-user-registration-base | Base PUR role assigned to anonymous users allowing access to the PUR features. | Get and post URL permissions to related PUR pages. |
| resources-base | Base role allowing users to use the resources workspace. | Read and write permissions to resources workspace as well as read permissions to related config paths. |
| rss-aggregator-base | Base role allowing users to read rssaggregator data type information. | Read permissions to the rssaggregator data type. |
| security-base | Base role denying users access to certain system pages. | Access denied permissions to /.magnolia/pages/installedModulesList, /jcrUtils, /log4j, /configuration, /logViewer and /sendMail. |
| templater-base | Base role allowing users to modify content of templates workspace. | Read and write permissions to templates workspace, as well as read permissions to related config paths. |
| workflow-base | Base role for the workflow process. | Read and write permissions to the workflow related expressions and store workspaces, as well as read permissions to related config paths. |

Default groups

The purpose of groups is to define settings for a group of users, as opposed to individual users. Users with similar privileges are assigned to appropriate groups. Permissions that apply to a group are inherited by its users.

| Group | Description | Assigned roles | Assigned group |
| --- | --- | --- | --- |
| editors | This group is created by the workflow module and its users are registered upon installation. It is used by the default action workflow and rejected items are sent to the group's inbox. | workflow-base | - |
| publishers | This group is created by the workflow module and its users are registered upon installation. | workflow-base | - |
| demo-project-editors | Sample group allowing users to edit content of demo-project website. | demo-project-base, demo-project-editor, imaging-base | editors |
| demo-project-publishers | Sample group allowing users to publish pages of demo-project website. | demo-project-base, demo-project-publisher, imaging-base | publishers |
| demo-project-member | Sample group allowing registered users access to members area pages. | anonymous, contact-base, demo-project-member, resources-base, imaging-base, public-user-registration-base | - |

Default users

User settings define the login credentials as well as certain personal settings that identify individuals accessing Magnolia. Users inherit permissions from the roles they belong to, either directly or through groups.

System users

| System user | Description | Assigned roles | Assigned group |
| --- | --- | --- | --- |
| anonymous | Unauthenticated, public users access the websites using this account. | categorization-base, contact-base, imaging-base, anonymous | - |
| superuser | User assigned unlimited access permissions. | superuser, forum_ALL-admin | publishers |

Users

The following sample users are included in the standard installation.

| User | Description | Assigned group |
| --- | --- | --- |
| eric | Sample demo-project editor. | demo-project-editor |
| peter | Sample demo-project publisher. | demo-project-publisher |

You can get a list of all permissions assigned to a user or group using the permissions list tool.
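When reviewing these defaults it helps to see which roles each account ends up with once group nesting is followed. The sketch below is an added example, not Magnolia code or its permissions list tool: it models the tables on this page as plain data and resolves effective roles. It assumes that roles of an assigned group are inherited transitively and that eric and peter belong to the demo-project-editors and demo-project-publishers groups from the Default groups table; the function names are hypothetical.

```python
# Added example: the default groups and users from this page as plain data.
# Assumption: roles of a nested ("assigned") group are inherited transitively.
GROUPS = {
    "editors": {"roles": {"workflow-base"}, "groups": set()},
    "publishers": {"roles": {"workflow-base"}, "groups": set()},
    "demo-project-editors": {
        "roles": {"demo-project-base", "demo-project-editor", "imaging-base"},
        "groups": {"editors"}},
    "demo-project-publishers": {
        "roles": {"demo-project-base", "demo-project-publisher", "imaging-base"},
        "groups": {"publishers"}},
    "demo-project-member": {
        "roles": {"anonymous", "contact-base", "demo-project-member",
                  "resources-base", "imaging-base",
                  "public-user-registration-base"},
        "groups": set()},
}
USERS = {
    "anonymous": {"roles": {"categorization-base", "contact-base",
                            "imaging-base", "anonymous"}, "groups": set()},
    "superuser": {"roles": {"superuser", "forum_ALL-admin"},
                  "groups": {"publishers"}},
    # Assumption: eric and peter sit in the matching groups of the groups table.
    "eric": {"roles": set(), "groups": {"demo-project-editors"}},
    "peter": {"roles": set(), "groups": {"demo-project-publishers"}},
}

def effective_roles(user, users=USERS, groups=GROUPS):
    """Return (roles, unknown_groups) for a user, following nested groups."""
    roles = set(users[user]["roles"])
    pending = list(users[user]["groups"])
    seen, unknown = set(), set()
    while pending:
        name = pending.pop()
        if name in seen:          # already expanded; also stops group cycles
            continue
        seen.add(name)
        group = groups.get(name)
        if group is None:         # dangling reference: report, do not guess
            unknown.add(name)
            continue
        roles |= group["roles"]
        pending.extend(group["groups"])
    return roles, unknown

def holders(role, users=USERS, groups=GROUPS):
    """Sorted list of users whose effective roles include `role`."""
    return sorted(u for u in users
                  if role in effective_roles(u, users, groups)[0])
```

Calling `holders("workflow-base")` shows that the role reaches eric and peter only through the nested editors and publishers groups, which is the kind of indirect grant an access review should surface.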

Public users

Users registered through the public user registration module can be maintained in this section. It is empty by default.
