The Permissions app tells you what groups and roles are assigned to a given user. The app is useful for permission reporting, auditing and troubleshooting why a user cannot access the resources they should. You can access the app at Tools > Permissions.
The Permissions app is a 4.5 legacy app installed by the UI AdminCentral module. The Tools app group that this app belongs to is only available to the
superuser role. This is configured in the app launcher layout. The app is configured at Configuration >
The Permissions app queries the
userroles workspaces. It does not store any content, just reads existing nodes.
Using the app
Efficient security control can be complex:
- Users can be assigned roles and assigned to groups.
- Groups can be assigned to other groups.
- Roles can be assigned to groups.
The Permissions app allows you to see a complete list of all roles and permissions in one place.
To use the app:
- Go to Tools > Permissions.
- Provide a user or group name. Fill only one field, not both.
- Optional: Check the Show permissions box to include permissions in the report. If left unchecked, only groups/roles will be listed.
- Click Get permission list.
Example: The Permissions app reports the permissions of the
demo-project-editor role in the
website workspace as follows:
These permissions are granted using ACLs. Below you see how ACLs are granted in the Security app. The two ACLs granted to the
demo-project-editor role are in fact stored as four rules in the repository. Each rule is translated into one or more regular expression patterns. This is why the Permissions app reports four permissions.
The app also reports Web access permissions. You can see them as
uri workspace in the report.