Default permissions

These are default permissions in Magnolia. You can manage them in the Security app. The default permissions are just an example how to grant permissions in a typical website. You should adapt the permissions to match your own organization. App access is configured separately in the app launcher configuration.

Roles

anonymous (role, author instance)

The anonymous role defines the permissions of public, unauthenticated users. Permissions are different on the author and public instances.

Access control lists

Workspace	Permission	Scope	Path
Category	Read only	Selected and sub nodes	`/`
DAM	Read only	Sub nodes	`/`
GoogleSitemaps	Read only	Selected and sub nodes	`/`
Marketing-tags	Read only	Selected and sub nodes	`/`
Resources	Read only	Sub nodes	`/`
Website	Deny access	Sub nodes	`/`

Web access

Permission	Path
Deny	`*`
Deny	`/.magnolia*`

anonymous (role, public instance)

Access control lists

Workspace	Permission	Scope	Path
Category	Read only	Selected and sub nodes	`/`
Dam	Read only	Selected and sub nodes	`/`
GoogleSitemaps	Read only	Selected and sub nodes	`/`
Marketing-tags	Read only	Selected and sub nodes	`/`
Resources	Read only	Sub nodes	`/`
Website	Read only	Sub nodes	`/`

Web access

Permission	Path
Get & Post	`*`
Deny	`/.magnolia`
Deny	`/.magnolia/*`
Deny	`/travel/members/protected*`
Deny	`/travel/members/profile-update*`
Deny	`<travel>/members/protected*`
Deny	`<travel>/members/profile-update*`

superuser (role)

The superuser role provides full access to the system. The permissions are the same on author and public instances.

Access control lists

Workspace	Permission	Scope	Path
AdvancedCache	Read/Write	Sub nodes	`/`
Category	Read/Write	Sub nodes	`/`
Config	Read/Write	Sub nodes	`/`
Contacts	Read/Write	Sub nodes	`/`
Dam	Read/Write	Sub nodes	`/`
Dms*	Read/Write	Sub nodes	`/`
Forum	Read/Write	Sub nodes	`/`
GoogleSitemaps	Read/Write	Sub nodes	`/`
Imaging	Read/Write	Sub nodes	`/`
Keystore	Read/Write	Sub nodes	`/`
Marketing-tags	Read/Write	Sub nodes	`/`
Messages	Read/Write	Sub nodes	`/`
Personas	Read/Write	Sub nodes	`/`
Profiles	Read/Write	Sub nodes	`/`
Resources	Read/Write	Sub nodes	`/`
Rss	Read/Write	Sub nodes	`/`
Scripts	Read/Write	Sub nodes	`/`
Segments	Read/Write	Sub nodes	`/`
Stories	Read/Write	Sub nodes	`/`
Tags	Read/Write	Sub nodes	`/`
Tasks	Read/Write	Sub nodes	`/`
Templates	Read/Write	Sub nodes	`/`
Tours	Read/Write	Sub nodes	`/`
Usergroups	Read/Write	Sub nodes	`/`
Userroles	Read/Write	Sub nodes	`/`
Users	Read/Write	Sub nodes	`/`
Website	Read/Write	Sub nodes	`/`
Workflow (DX Core)	Read/Write	Sub nodes	`/`

Web access

Permission	Path
Get & Post	`*`

Configured access

Applies to	Name	Path
App	Activation	`/modules/activation/apps/activation/permissions/roles`
	Configuration	`/modules/ui-admincentral/apps/configuration/permissions/roles`
	Security	`/modules/security-app/apps/security/permissions/roles`
	Security	`/modules/security-app/dialogs/role/form/tabs/role/fields/jcrName`
	Mail tools	`/modules/mail/apps/mail/permissions/roles`
	Dev tools	`/modules/tools/apps/tools/permissions/roles`
	Backup	`/modules/backup/apps/backup/permissions/roles`
App launcher	Dev group	`/modules/ui-admincentral/config/appLauncherLayout/groups/dev/permissions/roles`
	Tools group	`/modules/ui-admincentral/config/appLauncherLayout/groups/tools/permissions/roles`
Tasks app	Abort action	`/modules/workflow/messageViews/publish/actions/abort/availability/access/roles`
	Archive action	`/modules/workflow/messageViews/publish/actions/archive/availability/access/roles`

travel-demo-base

These are roles specific to the demo websites. The permissions are the same on author and public instances.

Access control lists

Workspace	Permission	Scope	Path
Category	Read only Read only	Selected and sub nodes Selected and sub nodes	`/tour-types` `/destinations`
Dam	Read only	Sub nodes	`/`
Tours	Read only	Sub nodes	`/`
Userroles	Read only	Selected	`/travel-demo-base`

travel-demo-admincentral

These are roles specific to the demo-project example websites. The permissions are the same on author and public instances.

Web access

Permission	Path
Get & Post	`*`

travel-demo-editor

Access control lists

Workspace	Permission	Scope	Path
Category	Read/Write	Sub nodes	`/`
Dam	Read/Write	Sub nodes	`/`
Userroles	Read only	Selected	`/travel-demo-editor`
Website	Read/Write	Sub nodes	`/`

Configured access

Applies to	App	Name	Path
App	Assets		`/modules/dam-app/apps/assets/permissions/roles`
Action	Assets	Activate	`/modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles`
Action	Pages	Activate	`/modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles`

travel-demo-publisher

Access control lists

Workspace	Permission	Scope	Path
Userroles	Read only	Selected	`/travel-demo-publisher`
Website	Read/Write	Sub nodes	`/`

Configured access

Applies to	App	Name	Path
App	Assets		`/modules/dam-app/apps/assets/permissions/roles`
Action	Assets	Activate	`/modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles`
Action	Pages	Activate	`/modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles`

travel-demo-tour-editor

Access control lists

Workspace	Permission	Scope	Path
Category	Read/Write Read/Write	Selected and sub nodes Selected and sub nodes	`/tour-types` `/destinations`
Dam	Read/Write	Sub nodes	`/`
Tours	Read/Write	Sub nodes	`/`
Userroles	Read only	Selected	`/travel-demo-tour-editor`

editor

Installed by the workflow module (DX Core). Allows editing content.

Access control lists

Workspace	Permission	Scope	Path
Category	Read/Write	Sub nodes	`/`
Contacts	Read/Write	Sub nodes	`/`
Dam	Read/Write	Sub nodes	`/`
Userroles	Read only	Selected	`/editor`
Website	Read/Write	Sub nodes	`/`

Configured access

Applies to	App	Name	Path
Action	Pages	Activate	`/modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles`

publisher

Installed by the workflow module (DX Core). Allows publishing content.

Access control lists

Workspace	Permission	Scope	Path
Category	Read only	Sub nodes	`/`
Contacts	Read only	Sub nodes	`/`
Dam	Read only	Sub nodes	`/`
Userroles	Read only	Selected	`/publisher`
Website	Read only	Sub nodes	`/`
Workflow	Read/Write	Sub nodes	`/`

Configured access

Applies to	App	Name	Path
Action	Pages	Activate	`/modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles`

workflow-base

Base role allowing users to use the workflow workspace (DX Core).

Access control lists

Workspace	Permission	Scope	Path
Workflow	Read/Write	Sub nodes	`/`
Userroles	Read only	Selected	`/workflow-base`

contact-base

Access control lists

Workspace	Permission	Scope	Path
Contact	Read only	Sub nodes	`/`
Userroles	Read only	Selected	`/contact-base`

imaging-base

Access control lists

Workspace	Permission	Scope	Path
Imaging	Read only	Sub nodes	`/`
Userroles	Read only	Selected	`/imaging-base`

resources-base

Access control lists

Workspace	Permission	Scope	Path
Config	Read only	Selected and sub nodes	`/modules/resources`
Resources	Read/Write	Sub nodes	`/`
Userroles	Read only	Selected	`/resources-base`

rest-admin

Web access

Permission	Path
Get & Post	`/.rest/*`

Configured access

Applies to	Name	Path
Commands	Delete	`/modules/rest-services/rest-endpoints/commands/enabledCommands/markAsDeleted/access/roles`
	Activate	`/modules/rest-services/rest-endpoints/commands/enabledCommands/activate/access/roles`

rest-editor

Web access

Permission	Path
Deny	`/.rest*`
Get	`/.rest/delivery/*`
Deny	`/.rest/commands*`
Deny	`/.rest/nodes*`
Get & Post	`/.rest/nodes/v1/website*`
Deny	`/.rest/properties*`
Get & Post	`/.rest/properties/v1/website*`
Get & Post	`/.rest/cache/v1*`

rest-anonymous

Web access

Permission	Path
Deny	`/.rest*`
Get	`/.rest/delivery/*`

rest-backup

Web access

Permission	Path
Get & Post	`/.rest/commands/v2/backup/backup`

Configured access

Applies to	Name	Path
Command	Backup	`/modules/rest-services/rest-endpoints/commands/enabledCommands/backup/access/roles`

rss-aggregator-base

Access control lists

Workspace	Permission	Scope	Path
Rss	Read-only	Sub nodes	`/`
Userroles	Read only	Selected	`/rss-aggregator-base`

scripter

Access control lists

Workspace	Permission	Scope	Path
Scripts	Read/Write	Sub nodes	`/`
Userroles	Read only	Selected	`/scripter`

Web access

Permission	Path
Get & Post	`*`

Configured access

Applies to	App	Path
App	Groovy	`/modules/groovy/apps/groovy/permissions/roles`

security-base

Web access

Permission	Path
Deny	`/.magnolia/log4j`
Deny	`/.rest*`

templater-base

Access control lists

Workspace	Permission	Scope	Path
Config	Read-only	Selected and sub nodes	`/modules/inplace-templating`
Templates	Read/Write	Sub nodes	`/`
Userroles	Read only	Selected	`/templater-base`

Configured access

Applies to	App	Path
App	Templates	`/modules/inplace-templating/apps/inplace-templating/permissions/roles`

Groups

Group permissions are the same on author and public instances.

editors

Assigned groups	Assigned roles
(none)	`editor`
	`workflow-base`

publishers

Assigned groups	Assigned roles
(none)	`publisher`
	`workflow-base`

travel-demo-pur

The travel-demo-pur group is used to organize the editors of the sample websites.

Assigned groups	Assigned roles
(none)	`categorization-base`
	`contact-base`
	`forum-pagecomments-user`
	`imaging-base`
	`travel-demo-base`
	`travel-demo-pur`

travel-demo-editors

The travel-demo-editors group is used to organize the editors of the sample websites.

Assigned groups	Assigned roles
(none)	`travel-demo-admincentral`
	`travel-demo-editor`
	`travel-demo-tour-editor`
	`imaging-base`
	`security-base`
	`resources-base`
	`workflow-base`

travel-demo-publishers

The travel-demo-publishers group is used to organize the publishers of the sample websites.

Assigned groups	Assigned roles
(none)	`travel-demo-admincentral`
	`travel-demo-publisher`
	`travel-demo-tour-editor`
	`security-base`
	`workflow-base`

travel-demo-tour-editors

The travel-demo-tour-editors group is used to organize editors in the tour apps of the sample websites.

Assigned groups	Assigned roles
(none)	`travel-demo-admincentral`
	`travel-demo-base`
	`travel-demo-tour-editor`
	`security-base`
	`workflow-base`

Users

eric

User eric is an example editor.

Assigned groups	Assigned roles
`travel-demo-editors`	(none)

eric-de

User eric-de is an example German editor.

Assigned groups	Assigned roles
`travel-demo-editors`	(none)

peter

User peter is an example publisher.

Assigned groups	Assigned roles
`travel-demo-publisher`	(none)

tina

User tina is an example tour editor.

Assigned groups	Assigned roles
`travel-demo-tour-editors`	(none)

System users

anonymous (system user)

User anonymous represents a Web visitor.

The anonymous role has different permissions on author and public.

Assigned groups	Assigned roles
(none)	`anonymous`
	`categorization-base`
	`contact-base`
	`forum-pagecomments-user`
	`imaging-base`
	`rest-anonymous`
	`travel-demo-base`

superuser (system user)

User superuser represents an administrator who has full access to the system.

Assigned groups	Assigned roles
`publishers` (DX Core)	`superuser`
	`rest-admin`
	`forum_ALL_admin`

Page tree

Default permissions

Roles

anonymous (role, author instance)

anonymous (role, public instance)

superuser (role)

travel-demo-base

travel-demo-admincentral

travel-demo-editor

travel-demo-publisher

travel-demo-tour-editor

editor

publisher

workflow-base

contact-base

imaging-base

resources-base

rest-admin

rest-editor

rest-anonymous

rest-backup

rss-aggregator-base

scripter

security-base

templater-base

Groups

editors

publishers

travel-demo-pur

travel-demo-editors

travel-demo-publishers

travel-demo-tour-editors

Users

eric

eric-de

peter

tina

System users

anonymous (system user)

superuser (system user)