Magnolia 5.6 reached end of life on June 25, 2020. This branch is no longer supported; see the End-of-life policy.
These are the default permissions in Magnolia. You can manage them in the Security app. The default permissions are just an example of how to grant permissions on a typical website. You should adapt them to match your own organization. App access is configured separately in the app launcher configuration.
The anonymous role defines the permissions of public, unauthenticated users. Permissions are different on the author and public instances.
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Category | Read only | Selected and sub nodes | / |
| DAM | Read only | Sub nodes | / |
| GoogleSitemaps | Read only | Selected and sub nodes | / |
| Marketing-tags | Read only | Selected and sub nodes | / |
| Resources | Read only | Sub nodes | / |
| Website | Deny access | Sub nodes | / |
Web access
| Permission | Path |
|---|---|
| Deny | * |
| Deny | /.magnolia* |
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Category | Read only | Selected and sub nodes | / |
| Dam | Read only | Selected and sub nodes | / |
| GoogleSitemaps | Read only | Selected and sub nodes | / |
| Marketing-tags | Read only | Selected and sub nodes | / |
| Resources | Read only | Sub nodes | / |
| Website | Read only | Sub nodes | / |
Web access
| Permission | Path |
|---|---|
| Get & Post | * |
| Deny | /.magnolia |
| Deny | /.magnolia/* |
| Deny | /travel/members/protected* |
| Deny | /travel/members/profile-update* |
| Deny | <travel>/members/protected* |
| Deny | <travel>/members/profile-update* |
The superuser role provides full access to the system. The permissions are the same on author and public instances.
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| AdvancedCache | Read/Write | Sub nodes | / |
| Category | Read/Write | Sub nodes | / |
| Config | Read/Write | Sub nodes | / |
| Contacts | Read/Write | Sub nodes | / |
| Dam | Read/Write | Sub nodes | / |
| Dms* | Read/Write | Sub nodes | / |
| Forum | Read/Write | Sub nodes | / |
| GoogleSitemaps | Read/Write | Sub nodes | / |
| Imaging | Read/Write | Sub nodes | / |
| Keystore | Read/Write | Sub nodes | / |
| Marketing-tags | Read/Write | Sub nodes | / |
| Messages | Read/Write | Sub nodes | / |
| Personas | Read/Write | Sub nodes | / |
| Profiles | Read/Write | Sub nodes | / |
| Resources | Read/Write | Sub nodes | / |
| Rss | Read/Write | Sub nodes | / |
| Scripts | Read/Write | Sub nodes | / |
| Segments | Read/Write | Sub nodes | / |
| Stories | Read/Write | Sub nodes | / |
| Tags | Read/Write | Sub nodes | / |
| Tasks | Read/Write | Sub nodes | / |
| Templates | Read/Write | Sub nodes | / |
| Tours | Read/Write | Sub nodes | / |
| Usergroups | Read/Write | Sub nodes | / |
| Userroles | Read/Write | Sub nodes | / |
| Users | Read/Write | Sub nodes | / |
| Website | Read/Write | Sub nodes | / |
| Workflow (EE) | Read/Write | Sub nodes | / |
Web access
| Permission | Path |
|---|---|
| Get & Post | * |
Configured access
| Applies to | Name | Path |
|---|---|---|
| App | Activation | /modules/activation/apps/activation/permissions/roles |
| | Configuration | /modules/ui-admincentral/apps/configuration/permissions/roles |
| | Security | /modules/security-app/apps/security/permissions/roles |
| | Security | /modules/security-app/dialogs/role/form/tabs/role/fields/jcrName |
| | Mail tools | /modules/mail/apps/mail/permissions/roles |
| | Dev tools | /modules/tools/apps/tools/permissions/roles |
| | Backup | /modules/backup/apps/backup/permissions/roles |
| App launcher | Dev group | /modules/ui-admincentral/config/appLauncherLayout/groups/dev/permissions/roles |
| | Tools group | /modules/ui-admincentral/config/appLauncherLayout/groups/tools/permissions/roles |
| Pulse | Abort action | /modules/workflow/messageViews/publish/actions/abort/availability/access/roles |
| | Archive action | /modules/workflow/messageViews/publish/actions/archive/availability/access/roles |
These are roles specific to the demo websites. The permissions are the same on author and public instances.
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Category | Read only | Selected and sub nodes | |
| Category | Read only | Selected and sub nodes | |
| Dam | Read only | Sub nodes | / |
| Tours | Read only | Sub nodes | / |
| Userroles | Read only | Selected | /travel-demo-base |
These are roles specific to the demo-project example websites. The permissions are the same on author and public instances.
Web access
| Permission | Path |
|---|---|
| Get & Post | * |
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Category | Read/Write | Sub nodes | / |
| Dam | Read/Write | Sub nodes | / |
| Userroles | Read only | Selected | /travel-demo-editor |
| Website | Read/Write | Sub nodes | / |
Configured access
| Applies to | App | Name | Path |
|---|---|---|---|
| App | Assets | | /modules/dam-app/apps/assets/permissions/roles |
| Action | Assets | Activate | /modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles |
| Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Userroles | Read only | Selected | /travel-demo-publisher |
| Website | Read/Write | Sub nodes | / |
Configured access
| Applies to | App | Name | Path |
|---|---|---|---|
| App | Assets | | /modules/dam-app/apps/assets/permissions/roles |
| Action | Assets | Activate | /modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles |
| Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Category | Read/Write | Selected and sub nodes | |
| Category | Read/Write | Selected and sub nodes | |
| Dam | Read/Write | Sub nodes | / |
| Tours | Read/Write | Sub nodes | / |
| Userroles | Read only | Selected | /travel-demo-tour-editor |
Installed by the workflow module (EE). Allows editing content.
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Category | Read/Write | Sub nodes | / |
| Contacts | Read/Write | Sub nodes | / |
| Dam | Read/Write | Sub nodes | / |
| Userroles | Read only | Selected | /editor |
| Website | Read/Write | Sub nodes | / |
Configured access
| Applies to | App | Name | Path |
|---|---|---|---|
| Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Installed by the workflow module (EE). Allows publishing content.
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Category | Read only | Sub nodes | / |
| Contacts | Read only | Sub nodes | / |
| Dam | Read only | Sub nodes | / |
| Userroles | Read only | Selected | /publisher |
| Website | Read only | Sub nodes | / |
| Workflow | Read/Write | Sub nodes | / |
Configured access
| Applies to | App | Name | Path |
|---|---|---|---|
| Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Base role allowing users to use the workflow workspace (EE).
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Workflow | Read/Write | Sub nodes | / |
| Userroles | Read only | Selected | /workflow-base |
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Contact | Read only | Sub nodes | / |
| Userroles | Read only | Selected | /contact-base |
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Imaging | Read only | Sub nodes | / |
| Userroles | Read only | Selected | /imaging-base |
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Config | Read only | Selected and sub nodes | |
| Resources | Read/Write | Sub nodes | / |
| Userroles | Read only | Selected | /resources-base |
Web access
| Permission | Path |
|---|---|
| Get & Post | |
Configured access
| Applies to | Name | Path |
|---|---|---|
| Commands | Delete | |
| | Activate | /modules/rest-services/rest-endpoints/commands/enabledCommands/activate/access/roles |
Web access
| Permission | Path |
|---|---|
| Deny | |
| Get | /.rest/delivery/* |
| Deny | |
| Deny | |
| Get & Post | |
| Deny | |
| Get & Post | |
| Get & Post | |
Web access
| Permission | Path |
|---|---|
| Deny | |
| Get | |
Web access
| Permission | Path |
|---|---|
| Get & Post | |
Configured access
| Applies to | Name | Path |
|---|---|---|
| Command | Backup | |
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Rss | Read only | Sub nodes | / |
| Userroles | Read only | Selected | /rss-aggregator-base |
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Scripts | Read/Write | Sub nodes | / |
| Userroles | Read only | Selected | /scripter |
Web access
| Permission | Path |
|---|---|
| Get & Post | * |
Configured access
| Applies to | App | Path |
|---|---|---|
| App | Groovy | /modules/groovy/apps/groovy/permissions/roles |
Web access
| Permission | Path |
|---|---|
| Deny | /.magnolia/log4j |
| Deny | /.rest* |
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Config | Read only | Selected and sub nodes | /modules/inplace-templating |
| Templates | Read/Write | Sub nodes | / |
| Userroles | Read only | Selected | /templater-base |
Configured access
| Applies to | App | Path |
|---|---|---|
| App | Templates | /modules/inplace-templating/apps/inplace-templating/permissions/roles |
Group permissions are the same on author and public instances.
| Assigned groups | Assigned roles |
|---|---|
| (none) | editor |
| | workflow-base |
| Assigned groups | Assigned roles |
|---|---|
| (none) | publisher |
| | workflow-base |
The travel-demo-pur group is used to organize the editors of the sample websites.
| Assigned groups | Assigned roles |
|---|---|
| (none) | categorization-base |
| | contact-base |
| | forum-pagecomments-user |
| | imaging-base |
| | travel-demo-base |
| | travel-demo-pur |
The travel-demo-editors group is used to organize the editors of the sample websites.
| Assigned groups | Assigned roles |
|---|---|
| (none) | travel-demo-admincentral |
| | travel-demo-editor |
| | travel-demo-tour-editor |
| | imaging-base |
| | security-base |
| | resources-base |
| | workflow-base |
The travel-demo-publishers group is used to organize the publishers of the sample websites.
| Assigned groups | Assigned roles |
|---|---|
| (none) | travel-demo-admincentral |
| | travel-demo-publisher |
| | travel-demo-tour-editor |
| | security-base |
| | workflow-base |
The travel-demo-tour-editors group is used to organize editors in the tour apps of the sample websites.
| Assigned groups | Assigned roles |
|---|---|
| (none) | travel-demo-admincentral |
| | travel-demo-base |
| | travel-demo-tour-editor |
| | security-base |
| | workflow-base |
User eric is an example editor.
| Assigned groups | Assigned roles |
|---|---|
| travel-demo-editors | (none) |
User eric-de is an example German editor.
| Assigned groups | Assigned roles |
|---|---|
| (none) |
User peter is an example publisher.
| Assigned groups | Assigned roles |
|---|---|
| (none) |
User tina is an example tour editor.
| Assigned groups | Assigned roles |
|---|---|
| travel-demo-tour-editors | (none) |
User anonymous represents a Web visitor.
The anonymous role has different permissions on author and public.
| Assigned groups | Assigned roles |
|---|---|
| (none) | anonymous |
| | categorization-base |
| | contact-base |
| | forum-pagecomments-user |
| | imaging-base |
| | rest-anonymous |
| | travel-demo-base |
User superuser represents an administrator who has full access to the system.
| Assigned groups | Assigned roles |
|---|---|
| publishers (EE) | |
| | rest-admin |
| | forum_ALL_admin |