Magnolia 5.4 reached end of life on November 15, 2018. This branch is no longer supported, see End-of-life policy.
The default permissions set up in the Security app demonstrate how to assign roles, ACLs and web access in a typical scenario. These permissions are complemented by configured app access.
The Permissions app allows you to view a comprehensive list of permissions assigned to any user or group in the Security app at any point in time.
The tables below show default permissions, role and group assignments, and configured access permissions.
The anonymous role defines the permissions of public, unauthenticated users. Permissions are different on the author and public instances.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read only | Selected and sub nodes | / |
DAM | Read only | Sub nodes | / |
GoogleSitemaps | Read only | Selected and sub nodes | / |
Resources | Read only | Sub nodes | / |
Tags | Read only | Selected and sub nodes | / |
Website | Deny access | Sub nodes | / |
Web access
Permission | Path |
---|---|
Deny | * |
Deny | /.magnolia* |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read only | Selected and sub nodes | / |
Dam | Read only | Selected and sub nodes | / |
GoogleSitemaps | Read only | Selected and sub nodes | / |
Resources | Read only | Sub nodes | / |
Tags | Read only | Selected and sub nodes | / |
Website | Read only | Sub nodes | / |
Web access
Permission | Path |
---|---|
Get & Post | * |
Deny | /.magnolia* |
Deny | /.magnolia/* |
Deny | /.rest* |
The superuser role provides full access to the system. The permissions are the same on author and public instances.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read/Write | Sub nodes | / |
Config | Read/Write | Sub nodes | / |
Contacts | Read/Write | Sub nodes | / |
Dam | Read/Write | Sub nodes | / |
Dms* | Read/Write | Sub nodes | / |
Forum | Read/Write | Sub nodes | / |
GoogleSitemaps | Read/Write | Sub nodes | / |
Imaging | Read/Write | Sub nodes | / |
Messages | Read/Write | Sub nodes | / |
Profiles | Read/Write | Sub nodes | / |
Resources | Read/Write | Sub nodes | / |
Rss | Read/Write | Sub nodes | / |
Scripts | Read/Write | Sub nodes | / |
Segments | Read/Write | Sub nodes | / |
Tags | Read/Write | Sub nodes | / |
Tasks | Read/Write | Sub nodes | / |
Templates | Read/Write | Sub nodes | / |
Tours | Read/Write | Sub nodes | / |
Usergroups | Read/Write | Sub nodes | / |
Userroles | Read/Write | Sub nodes | / |
Users | Read/Write | Sub nodes | / |
Website | Read/Write | Sub nodes | / |
Workflow (EE) | Read/Write | Sub nodes | / |
Web access
Permission | Path |
---|---|
Get & Post | * |
Configured access
Applies to | Name | Path |
---|---|---|
App | Activation | /modules/activation/apps/activation/permissions/roles |
App | Configuration | /modules/ui-admincentral/apps/configuration/permissions/roles |
App | Security | /modules/security-app/apps/security/permissions/roles |
App | Security | /modules/security-app/dialogs/role/form/tabs/role/fields/jcrName |
App | Mail tools | /modules/mail/apps/mail/permissions/roles |
App | Dev tools | /modules/tools/apps/tools/permissions/roles |
App | Backup | /modules/backup/apps/backup/permissions/roles |
App launcher | Dev group | /modules/ui-admincentral/config/appLauncherLayout/groups/dev/permissions/roles |
App launcher | Tools group | /modules/ui-admincentral/config/appLauncherLayout/groups/tools/permissions/roles |
Pulse | Abort action | /modules/workflow/messageViews/publish/actions/abort/availability/access/roles |
Pulse | Archive action | /modules/workflow/messageViews/publish/actions/archive/availability/access/roles |
These are roles specific to the demo websites. The permissions are the same on author and public instances.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read only | Selected and sub nodes | |
Category | Read only | Selected and sub nodes | |
Dam | Read only | Sub nodes | / |
Tours | Read only | Sub nodes | / |
These are roles specific to the demo-project example websites. The permissions are the same on author and public instances.
Web access
Permission | Path |
---|---|
Get & Post | * |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read/Write | Sub nodes | / |
Dam | Read/Write | Sub nodes | / |
Website | Read/Write | Sub nodes | / |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
App | Assets | | /modules/dam-app/apps/assets/permissions/roles |
Action | Assets | Activate | /modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles |
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Website | Read/Write | Sub nodes | / |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
App | Assets | | /modules/dam-app/apps/assets/permissions/roles |
Action | Assets | Activate | /modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles |
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read/Write | Selected and sub nodes | |
Category | Read/Write | Selected and sub nodes | |
Dam | Read/Write | Sub nodes | / |
Tours | Read/Write | Sub nodes | / |
Installed by the workflow module (EE). Allows editing content.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read/Write | Sub nodes | / |
Contacts | Read/Write | Sub nodes | / |
Dam | Read/Write | Sub nodes | / |
Website | Read/Write | Sub nodes | / |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Installed by the workflow module (EE). Allows publishing content.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read only | Sub nodes | / |
Contacts | Read only | Sub nodes | / |
Website | Read only | Sub nodes | / |
Workflow | Read/Write | Sub nodes | / |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Base role allowing users to use the workflow workspace (EE).
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Workflow | Read/Write | Sub nodes | / |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Contact | Read only | Sub nodes | / |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Imaging | Read only | Sub nodes | / |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Config | Read only | Selected and sub nodes | |
Resources | Read/Write | Sub nodes | / |
Web access
Permission | Path |
---|---|
Deny | /.rest* |
Deny | /.rest/commands* |
Deny | /.rest/nodes* |
Get & Post | /.rest/nodes/v1/website* |
Deny | /.rest/properties* |
Get & Post | /.rest/properties/v1/website* |
Get & Post | /.rest/cache/v1* |
Get & Post | /.rest/api-docs* |
Configured access
Applies to | Name | Path |
---|---|---|
Commands | Delete | /modules/rest-services/rest-endpoints/commands/enabledCommands/markAsDeleted/access/roles |
Commands | Activate | /modules/rest-services/rest-endpoints/commands/enabledCommands/activate/access/roles |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Rss | Read-only | Sub nodes | / |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Scripts | Read/Write | Sub nodes | / |
Web access
Permission | Path |
---|---|
Get & Post | * |
Configured access
Applies to | App | Path |
---|---|---|
App | Groovy | /modules/groovy/apps/groovy/permissions/roles |
Web access
Permission | Path |
---|---|
Deny | /.magnolia/pages/jcrUtils* |
Deny | /.magnolia/log4j |
Deny | /.magnolia/pages/configuration* |
Deny | /.magnolia/pages/logViewer* |
Deny | /.magnolia/pages/users* |
Deny | /.magnolia/pages/import* |
Deny | /.magnolia/pages/export* |
Deny | /.magnolia/pages/permission* |
Deny | /.magnolia/pages/developmentUtils* |
Deny | /.rest* |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Config | Read-only | Selected and sub nodes | /modules/inplace-templating |
Templates | Read/Write | Sub nodes | / |
Configured access
Applies to | App | Path |
---|---|---|
App | Templates | /modules/inplace-templating/apps/inplace-templating/permissions/roles |
Role that allows posting in all forums.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Forum | Read/Write | Sub nodes | / |
Web access
Permission | Path |
---|---|
Get & Post | /.magnolia/pages/forum* |
Role which gives administration permissions on ALL forums.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Forum | Read/Write | Sub nodes | / |
Web access
Permission | Path |
---|---|
Get & Post | /.magnolia/pages/forum* |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
App | Forum | | /modules/forum/apps/forum/permissions/roles |
Actions | Forum | Add forum | /modules/forum/apps/forum/subApps/browser/actions/addForum/availability/access/roles |
Actions | Forum | Edit forum | /modules/forum/apps/forum/subApps/browser/actions/editForum/availability/access/roles |
Actions | Forum | Delete forum | /modules/forum/apps/forum/subApps/browser/actions/deleteForum/availability/access/roles |
Actions | Forum | Confirm delete | /modules/forum/apps/forum/subApps/browser/actions/confirmDeleteForum/availability/access/roles |
Role which gives moderation permissions on ALL forums.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Forum | Read/Write | Sub nodes | / |
Web access
Permission | Path |
---|---|
Get & Post | /.magnolia/pages/forum* |
Configured access
Applies to | App | Path |
---|---|---|
App | Forum | /modules/forum/apps/forum/permissions/roles |
Role which gives commenting permissions.
Workspace | Permission | Scope | Path |
---|---|---|---|
Forum | Read/Write | Selected and sub nodes | /pagecomments |
Group permissions are the same on author and public instances.
The travel-demo-editors group is used to organize the editors of the sample websites.
Assigned groups | Assigned roles |
---|---|
(none) | travel-demo-admincentral |
| travel-demo-editor |
| travel-demo-tour-editor |
| imaging-base |
| security-base |
| resources-base |
| workflow-base |
The travel-demo-publishers group is used to organize the publishers of the sample websites.
Assigned groups | Assigned roles |
---|---|
(none) | travel-demo-admincentral |
| travel-demo-publisher |
| travel-demo-tour-editor |
| security-base |
| workflow-base |
The travel-demo-tour-editors group is used to organize editors in the tour apps of the sample websites.
Assigned groups | Assigned roles |
---|---|
(none) | travel-demo-admincentral |
| travel-demo-base |
| travel-demo-tour-editor |
| security-base |
| workflow-base |
Assigned groups | Assigned roles |
---|---|
(none) | editor |
| workflow-base |
Assigned groups | Assigned roles |
---|---|
(none) | publisher |
| workflow-base |
User eric is an example editor.
Assigned groups | Assigned roles |
---|---|
travel-demo-editors | (none) |
User eric-de is an example German editor.
Assigned groups | Assigned roles |
---|---|
| (none) |
User peter is an example publisher.
Assigned groups | Assigned roles |
---|---|
| (none) |
User tina is an example tour editor.
Assigned groups | Assigned roles |
---|---|
travel-demo-tour-editors | (none) |
User anonymous represents a Web visitor. The anonymous role has different permissions on author and public.
Assigned groups | Assigned roles |
---|---|
(none) | anonymous |
| categorization-base |
| contact-base |
| forum-pagecomments-user |
| imaging-base |
| travel-demo-base |
User superuser represents an administrator who has full access to the system.
Assigned groups | Assigned roles |
---|---|
publishers (EE) | |
| rest |
| forum_ALL_admin |