Magnolia 5.3 reached end of life on June 30, 2017. This branch is no longer supported, see End-of-life policy.

Page tree
Skip to end of metadata
Go to start of metadata

The Permissions app tells you what groups and roles are assigned to a given user. The app is useful for permission reporting, auditing and troubleshooting why a user cannot access the resources they should. You can access the app at Tools > Permissions.

Configuration

The Permissions app is a 4.5 legacy app installed by the UI AdminCentral module. The Tools app group that this app belongs to is only available to the superuser role. This is configured in the app launcher layout. The app is configured at Configuration > /modules/ui-admincentral/apps/permissions.

Node name

 modules

 ui-admincentral

 apps

 permissions

Workspace

The Permissions app queries the users, usergroups and userroles workspaces. It does not store any content, just reads existing nodes.

Using the app

Efficient security control can be complex:

  • Users can be assigned roles and assigned to groups.
  • Groups can be assigned to other groups.
  • Roles can be assigned to groups.

The Permissions app allows you to see a complete list of all roles and permissions in one place.

To use the app:

  1. Go to Tools > Permissions.
  2. Provide a user or group name. Fill only one field, not both.
  3. Optional: Check the Show permissions box to include permissions in the report. If left unchecked, only groups/roles will be listed.
  4. Click Get permission list.

Example: The Permissions app reports the permissions of the demo-project-editor role in the website workspace as follows:

 Role: demo-project-editor
    Read/Write permission in the workspace website with path /demo-project
    Read/Write permission in the workspace website with path /demo-project/*
    Read only permission in the workspace website with path /$
    Read only permission in the workspace website with path /$/*

These permissions are granted using ACLs. Below you see how ACLs are granted in the Security app. The two ACLs granted to the demo-project-editor role are in fact stored as four rules in the repository. Each rule is translated into one or more regular expression patterns. This is why the Permissions app reports four permissions.

The app also reports Web access permissions. You can see them as uri workspace in the report.