Magnolia 5.7 reached extended end of life on May 31, 2022. Support for this branch is limited, see End-of-life policy. Please note that to cover the extra maintenance effort, this EEoL period is a paid extension in the life of the branch. Customers who opt for the extended maintenance will need a new license key to run future versions of Magnolia 5.7. If you have any questions or to subscribe to the extended maintenance, please get in touch with your local contact at Magnolia.
These are default permissions in Magnolia. You can manage them in the Security app. The default permissions are just an example how to grant permissions in a typical website. You should adapt the permissions to match your own organization. App access is configured separately in the app launcher configuration.
Roles
anonymous (role, author instance)
The anonymous
role defines the permissions of public, unauthenticated users. Permissions are different on the author and public instances.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read only | Selected and sub nodes | / |
DAM | Read only | Sub nodes | / |
GoogleSitemaps | Read only | Selected and sub nodes | / |
Marketing-tags | Read only | Selected and sub nodes | / |
Resources | Read only | Sub nodes | / |
Website | Deny access | Sub nodes | / |
Web access
Permission | Path |
---|---|
Deny | * |
Deny | /.magnolia* |
anonymous (role, public instance)
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read only | Selected and sub nodes | / |
Dam | Read only | Selected and sub nodes | / |
GoogleSitemaps | Read only | Selected and sub nodes | / |
Marketing-tags | Read only | Selected and sub nodes | / |
Resources | Read only | Sub nodes | / |
Website | Read only | Sub nodes | / |
Web access
Permission | Path |
---|---|
Get & Post | * |
Deny | /.magnolia |
Deny | /.magnolia/* |
Deny | /travel/members/protected* |
Deny | /travel/members/profile-update* |
Deny | <travel>/members/protected* |
Deny | <travel>/members/profile-update* |
superuser (role)
The superuser
role provides full access to the system. The permissions are the same on author and public instances.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
AdvancedCache | Read/Write | Sub nodes | / |
Category | Read/Write | Sub nodes | / |
Config | Read/Write | Sub nodes | / |
Contacts | Read/Write | Sub nodes | / |
Dam | Read/Write | Sub nodes | / |
Dms* | Read/Write | Sub nodes | / |
Forum | Read/Write | Sub nodes | / |
GoogleSitemaps | Read/Write | Sub nodes | / |
Imaging | Read/Write | Sub nodes | / |
Keystore | Read/Write | Sub nodes | / |
Marketing-tags | Read/Write | Sub nodes | / |
Messages | Read/Write | Sub nodes | / |
Personas | Read/Write | Sub nodes | / |
Profiles | Read/Write | Sub nodes | / |
Resources | Read/Write | Sub nodes | / |
Rss | Read/Write | Sub nodes | / |
Scripts | Read/Write | Sub nodes | / |
Segments | Read/Write | Sub nodes | / |
Stories | Read/Write | Sub nodes | / |
Tags | Read/Write | Sub nodes | / |
Tasks | Read/Write | Sub nodes | / |
Templates | Read/Write | Sub nodes | / |
Tours | Read/Write | Sub nodes | / |
Usergroups | Read/Write | Sub nodes | / |
Userroles | Read/Write | Sub nodes | / |
Users | Read/Write | Sub nodes | / |
Website | Read/Write | Sub nodes | / |
Workflow (EE) | Read/Write | Sub nodes | / |
Web access
Permission | Path |
---|---|
Get & Post | * |
Configured access
Applies to | Name | Path |
---|---|---|
App | Activation | /modules/activation/apps/activation/permissions/roles |
Configuration | /modules/ui-admincentral/apps/configuration/permissions/roles | |
Security | /modules/security-app/apps/security/permissions/roles | |
Security | /modules/security-app/dialogs/role/form/tabs/role/fields/jcrName | |
Mail tools | /modules/mail/apps/mail/permissions/roles | |
Dev tools | /modules/tools/apps/tools/permissions/roles | |
Backup | /modules/backup/apps/backup/permissions/roles | |
App launcher | Dev group | /modules/ui-admincentral/config/appLauncherLayout/groups/dev/permissions/roles |
Tools group | /modules/ui-admincentral/config/appLauncherLayout/groups/tools/permissions/roles | |
Pulse | Abort action | /modules/workflow/messageViews/publish/actions/abort/availability/access/roles |
Archive action | /modules/workflow/messageViews/publish/actions/archive/availability/access/roles |
travel-demo-base
These are roles specific to the demo websites. The permissions are the same on author and public instances.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read only Read only | Selected and sub nodes Selected and sub nodes |
|
Dam | Read only | Sub nodes | / |
Tours | Read only | Sub nodes | / |
Userroles | Read only | Selected |
/travel-demo-base
|
travel-demo-admincentral
These are roles specific to the demo-project example websites. The permissions are the same on author and public instances.
Web access
Permission | Path |
---|---|
Get & Post | * |
travel-demo-editor
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read/Write | Sub nodes | / |
Dam | Read/Write | Sub nodes | / |
Userroles | Read only | Selected |
/travel-demo-editor
|
Website | Read/Write | Sub nodes | / |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
App | Assets | /modules/dam-app/apps/assets/permissions/roles | |
Action | Assets | Activate | /modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles |
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
travel-demo-publisher
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Userroles | Read only | Selected | /travel-demo-publisher |
Website | Read/Write | Sub nodes | / |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
App | Assets | /modules/dam-app/apps/assets/permissions/roles | |
Action | Assets | Activate | /modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles |
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
travel-demo-tour-editor
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read/Write Read/Write | Selected and sub nodes Selected and sub nodes |
|
Dam | Read/Write | Sub nodes | / |
Tours | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | /travel-demo-tour-editor |
editor
Installed by the workflow
module (EE). Allows editing content.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read/Write | Sub nodes | / |
Contacts | Read/Write | Sub nodes | / |
Dam | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | /editor |
Website | Read/Write | Sub nodes | / |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
publisher
Installed by the workflow
module (EE). Allows publishing content.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read only | Sub nodes | / |
Contacts | Read only | Sub nodes | / |
Dam | Read only | Sub nodes | / |
Userroles | Read only | Selected | /publisher |
Website | Read only | Sub nodes | / |
Workflow | Read/Write | Sub nodes | / |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
workflow-base
Base role allowing users to use the workflow
workspace (EE).
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Workflow | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | /workflow-base |
contact-base
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Contact | Read only | Sub nodes | / |
Userroles | Read only | Selected | /contact-base |
imaging-base
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Imaging | Read only | Sub nodes | / |
Userroles | Read only | Selected | /imaging-base |
resources-base
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Config | Read only | Selected and sub nodes |
|
Resources | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | /resources-base |
rest-admin
Web access
Permission | Path |
---|---|
Get & Post |
|
Configured access
Applies to | Name | Path |
---|---|---|
Commands | Delete |
|
Activate | /modules/rest-services/rest-endpoints/commands/enabledCommands/activate/access/roles |
rest-editor
Web access
Permission | Path |
---|---|
Deny |
|
Get | /.rest/delivery/* |
Deny |
|
Deny |
|
Get & Post |
|
Deny |
|
Get & Post |
|
Get & Post |
|
rest-anonymous
Web access
Permission | Path |
---|---|
Deny |
|
Get |
|
rest-backup
Web access
Permission | Path |
---|---|
Get & Post |
|
Configured access
Applies to | Name | Path |
---|---|---|
Command | Backup |
|
rss-aggregator-base
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Rss | Read-only | Sub nodes | / |
Userroles | Read only | Selected | /rss-aggregator-base |
scripter
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Scripts | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | /scripter |
Web access
Permission | Path |
---|---|
Get & Post | * |
Configured access
Applies to | App | Path |
---|---|---|
App | Groovy | /modules/groovy/apps/groovy/permissions/roles |
security-base
Web access
Permission | Path |
---|---|
Deny | /.magnolia/log4j |
Deny | /.rest* |
templater-base
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Config | Read-only | Selected and sub nodes | /modules/inplace-templating |
Templates | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | /templater-base |
Configured access
Applies to | App | Path |
---|---|---|
App | Templates | /modules/inplace-templating/apps/inplace-templating/permissions/roles |
Groups
Group permissions are the same on author and public instances.
editors
Assigned groups | Assigned roles |
---|---|
(none) | editor |
workflow-base |
publishers
Assigned groups | Assigned roles |
---|---|
(none) | publisher |
workflow-base |
travel-demo-pur
The travel-demo-pur
group is used to organize the editors of the sample websites.
Assigned groups | Assigned roles |
---|---|
(none) |
categorization-base
|
contact-base | |
forum-pagecomments-user | |
imaging-base
| |
travel-demo-base
| |
travel-demo-pur |
travel-demo-editors
The travel-demo-editors
group is used to organize the editors of the sample websites.
Assigned groups | Assigned roles |
---|---|
(none) | travel-demo-admincentral |
travel-demo-editor | |
travel-demo-tour-editor | |
imaging-base | |
security-base | |
resources-base | |
workflow-base |
travel-demo-publishers
The travel-demo-publishers
group is used to organize the publishers of the sample websites.
Assigned groups | Assigned roles |
---|---|
(none) | travel-demo-admincentral |
travel-demo-publisher | |
travel-demo-tour-editor | |
security-base | |
workflow-base |
travel-demo-tour-editors
The travel-demo-tour-editors
group is used to organize editors in the tour apps of the sample websites.
Assigned groups | Assigned roles |
---|---|
(none) | travel-demo-admincentral |
travel-demo-base | |
travel-demo-tour-editor | |
security-base | |
workflow-base |
Users
eric
User eric
is an example editor.
Assigned groups | Assigned roles |
---|---|
travel-demo-editors | (none) |
eric-de
User eric-de
is an example German editor.
Assigned groups | Assigned roles |
---|---|
| (none) |
peter
User peter
is an example publisher.
Assigned groups | Assigned roles |
---|---|
| (none) |
tina
User tina is an example tour editor.
Assigned groups | Assigned roles |
---|---|
travel-demo-tour-editors | (none) |
System users
anonymous (system user)
User anonymous
represents a Web visitor.
The
anonymous
role has different permissions on author and public.
Assigned groups | Assigned roles |
---|---|
(none) | anonymous |
categorization-base | |
contact-base | |
forum-pagecomments-user | |
imaging-base | |
rest-anonymous | |
travel-demo-base |
superuser (system user)
User superuser
represents an administrator who has full access to the system.
Assigned groups | Assigned roles |
---|---|
publishers (EE) |
|
rest-admin | |
forum_ALL_admin |