User access and security
User access control policies provide secure access to the Content Manager repository and all the objects it contains. User roles and groups define access to objects in the repository.
Users
Users are individuals who can sign in to Content Manager and access the repository content. Once a user has signed in, the combination of the user's group membership, role assignments, and the folder structure of the repository determines which actions the user can perform and which information the user can access.
User groups and folders
The user group defines the access the user has to the folders in the repository and objects they contain. Because folders contain specific types of objects, you must consider what content is appropriate for each group to access. For example, library folder content is designed for reuse and therefore it may not be appropriate for all users to modify. If you want to restrict access to library folder content, you can create a separate group to be responsible for creating and maintaining the library folders and restrict all other groups to read-only access for library content.
Permission levels for folders
Permission levels are:
- No access: Users cannot see the folder, and cannot reach the objects it contains in any way, not even through search.
- Read-only access: Users can see and reuse the objects stored in that folder, but cannot change them.
- Modify access: Users can read, write, and delete the objects in that folder and their metadata.
User roles
User roles determine how a user can participate in the workflow, and the options available in the user interface.
- Users can have one or more roles.
- The Settings tab in Organize Space is only visible if you have the user role Administrator.
- The inboxes visible to a user depend on the user's roles, as defined in the inbox configuration.
- The status transitions a user can perform depend on the user's roles, as defined in the status transition configuration.
User roles and workflow
The user roles map to activities in the workflow. Because the same person may perform many different activities for the team, the same user can be a member of multiple roles.
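To make the interplay between group-based folder permissions, role-gated inboxes and role-gated status transitions concrete, here is an added, self-contained Python model. It is an illustration written for this page, not Tridion Docs code or its API; the group, folder, role and inbox names, the transition table, the rule that the most permissive group grant wins, and the rule that a status change needs Modify access on the folder are all constructed assumptions.

```python
"""Toy model of the Content Manager access checks described above.

Added illustration, not Tridion Docs code. All names, folders, roles and
configuration tables below are constructed sample data.
"""
from __future__ import annotations

from enum import IntEnum


class Perm(IntEnum):
    """Folder permission levels, ordered so a higher level implies the lower ones."""
    NO_ACCESS = 0   # folder invisible; objects never returned, not even by search
    READ_ONLY = 1   # see and reuse objects
    MODIFY = 2      # read, write and delete objects and their metadata


# --- constructed sample data ------------------------------------------------
# folder -> {group: permission}; a group that is not listed gets NO_ACCESS
FOLDER_ACL = {
    "/Library":        {"librarians": Perm.MODIFY, "authors": Perm.READ_ONLY},
    "/Projects/Alpha": {"authors": Perm.MODIFY, "reviewers": Perm.READ_ONLY},
    "/Admin":          {"admins": Perm.MODIFY},
}

USERS = {
    "alice": {"groups": {"authors"},               "roles": {"Author"}},
    "bob":   {"groups": {"authors", "librarians"}, "roles": {"Author", "Reviewer"}},
    "carol": {"groups": {"reviewers"},             "roles": {"Reviewer"}},
    "dave":  {"groups": {"admins"},                "roles": {"Administrator"}},
}

OBJECTS = {
    "topic-1":  {"folder": "/Projects/Alpha", "status": "Draft",    "title": "Alpha install guide"},
    "topic-2":  {"folder": "/Library",        "status": "Review",   "title": "Product index"},
    "warn-std": {"folder": "/Library",        "status": "Released", "title": "Standard warning"},
    "audit":    {"folder": "/Admin",          "status": "Released", "title": "Audit settings"},
}

# inbox configuration: inbox -> roles that can see it
INBOXES = {
    "My drafts": {"Author"},
    "To review": {"Reviewer"},
    "All work":  {"Administrator"},
}

# status transition configuration: (from, to) -> roles allowed to perform it
TRANSITIONS = {
    ("Draft", "Review"):    {"Author"},
    ("Review", "Draft"):    {"Author", "Reviewer"},
    ("Review", "Released"): {"Reviewer"},
}

# --- access checks -----------------------------------------------------------
def effective_permission(user: str, folder: str) -> Perm:
    """Permission a user holds on a folder through group membership.

    Deny by default: an unknown folder or an unlisted group grants nothing.
    When the user is in several groups the most permissive grant wins; that
    merge rule is an assumption of this example, not something the page states.
    """
    acl = FOLDER_ACL.get(folder, {})
    grants = (acl.get(g, Perm.NO_ACCESS) for g in USERS[user]["groups"])
    return max(grants, default=Perm.NO_ACCESS)


_REQUIRED = {"read": Perm.READ_ONLY, "reuse": Perm.READ_ONLY,
             "write": Perm.MODIFY, "delete": Perm.MODIFY}


def can(user: str, action: str, folder: str) -> bool:
    """True if the user's effective folder permission covers the action."""
    return effective_permission(user, folder) >= _REQUIRED[action]


def search(user: str, term: str) -> list[str]:
    """Search filtered by folder permission, so NO_ACCESS content never leaks via search."""
    term = term.lower()
    return sorted(oid for oid, o in OBJECTS.items()
                  if term in o["title"].lower()
                  and effective_permission(user, o["folder"]) >= Perm.READ_ONLY)


def visible_inboxes(user: str) -> list[str]:
    """Inboxes shown to the user: those whose role set intersects the user's roles."""
    roles = USERS[user]["roles"]
    return sorted(name for name, allowed in INBOXES.items() if roles & allowed)


def can_transition(user: str, object_id: str, new_status: str) -> bool:
    """A status change needs a configured transition, a matching role, and Modify on the folder."""
    obj = OBJECTS[object_id]
    allowed_roles = TRANSITIONS.get((obj["status"], new_status))
    if allowed_roles is None:                       # transition not configured
        return False
    if not (USERS[user]["roles"] & allowed_roles):  # none of the user's roles permit it
        return False
    # Status is object metadata, so Modify access on the folder is also required
    # (assumption of this example): the role gate alone is not enough.
    return can(user, "write", obj["folder"])


if __name__ == "__main__":
    for u in USERS:
        print(u, search(u, "a"), visible_inboxes(u))
    print("carol -> Released on topic-2:", can_transition("carol", "topic-2", "Released"))
    print("bob   -> Released on topic-2:", can_transition("bob", "topic-2", "Released"))
```

The two-layer check in `can_transition` is the point worth noticing: carol holds the Reviewer role that the Review to Released transition requires, but has no access to the /Library folder, so the transition is refused; bob, who is both a Reviewer and a member of the librarians group, can perform it. Separating the role gate (what the workflow allows) from the folder gate (what content the user may touch) keeps each policy small and auditable.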
Authentication and Access Management
User authentication is the mechanism for verifying the identity of users before they are allowed to access Tridion Docs applications. This authentication is performed by an identity provider (IdP), which is defined and managed in the Access Management system.
The way authentication works depends on your specific implementation of Access Management and choice of identity provider. This can be either an external IdP or the Tridion Docs Identity Provider, an internal IdP that is automatically installed with Tridion Docs.
For more information on Access Management, refer to Using Access Management.