Rights, Permissions and Privileges for Users and Groups
The combination of the rights and permissions assigned to users or groups, together with the privileges assigned to one or more groups, determines the actions that users can perform on items. For example, to create a Component, a user requires Component Management rights and write permissions for a Folder in which they can create the Component.
Publication-specific rights
Rights define the types of tasks that users or groups can perform for a specific Publication. You assign rights to users or groups for an entire Publication.
Rights typically convey the security definition of a role in an organization. For example, the role of authors typically involves working with Components but not with Schemas, so users that are authors should have Component Management rights but not Schema Management rights. The system default user Groups therefore have default rights but not default permissions.
The following table describes the operations that are allowed within a Publication by members of the Group that has that right. The rights are grouped according to the types of users who typically require the right.
| Usage | Right | Allowed operations |
|---|---|---|
| For users who create and manage content | Component Management | Creating, modifying and deleting Components |
| | Page Management | Creating, modifying and deleting Pages |
| | Translation Management | Sending translatable items for translation |
| | Publish to Content Distributor | Publishing content to a defined publishing environment |
| For users who create and manage organizational items | Structure Group Management | Creating and deleting Structure Groups and changing Structure Group properties |
| | Folder Management | Creating and deleting Folders and changing Folder properties other than Folder permission settings (this requires Permission Management rights) |
| | Virtual Folder Management | Creating and deleting Virtual Folders (search Folders) |
| | Bundle Management | Creating and deleting Bundles and modifying Bundle properties |
| | Category Management | Creating new Categories, modifying Category properties and deleting Categories |
| For administrators and users with elevated rights | Publication Administration | Administrator-level rights within a Publication (but not the right to create or delete it).<br>This right allows the user to read and update the Publication, and to perform any operation on any item within the Publication, including but not limited to: |
| | Workflow Management | Various operations with Workflow |
| | Lock Management | Resolving locks on items that are locked or checked out by another user without being a System Administrator.<br>Users with Lock Management rights will be able to:<br>An example of when this right can be helpful is when working on a large or distributed team. Perhaps a checked-out item is blocking publishing but, for whatever reason, it cannot be resolved by the person who has it checked out. Another user with this right, like a team lead or lead editor, could resolve the checked-out item without the need to involve a System Administrator. |
| | Permission Management | Modifying security settings to grant Groups and Users Rights for Publications and Permissions for Organizational items |
| | Customer Management | Various operations with Target Groups |
| For implementers | Publication Management | Changes to Publication settings and Blueprint relationships |
| | Business Process Type Management | Creating and managing the Business Process Types for the organization |
| | Translation Configuration | Configuring Publications, Folders, Structure Groups, and Categories for translation |
| For content designers | Schema Management | Various operations with Schemas |
| | Page Template Management | Various operations with Page Templates |
| | Component Template Management | Various operations with Component Templates. Component Templates and Template Building Blocks are used only in the legacy, template-based publishing framework. |
| | Template Building Block | Various operations with Template Building Blocks. Component Templates and Template Building Blocks are used only in the legacy, template-based publishing framework. |
Permissions on organizational items
Permissions are set on an organizational item in Content Manager and are also specific to a Group. Similar to folder-level permissions in an operating system, Permissions determine the general types of actions that Group members can perform on that organizational item.
- Read—view items in the organizational item
- Write—create or edit items in the organizational item
- Delete—delete items from the organizational item
- Localize—create local copies of shared BluePrint items
- Read—view items in the Bundle
- Add items—add items to the Bundle
- Remove items—remove items from the Bundle
System-wide Privileges
Privileges are granted to one or more Groups to allow a User who belongs to one or more of those Groups to manage parts of the system that are not inside a Publication.
| Privilege | Allowed operations |
|---|---|
| System Administrator Privilege | Performing all operations |
| System Privilege Management Privilege | Granting or revoking system privileges; excluding the following capabilities: |
| Group Management Privilege | Creating, viewing, updating and deleting Groups. The operations permitted include managing Group scope and membership, getting a list of Users, editing a User and changing the Group membership of a User. |
| Approval Status Management Privilege | Creating, viewing, editing and deleting Approval Statuses |
| Multimedia Type Management Privilege | Creating, viewing, editing and deleting Multimedia Types |
| Publish Transaction Management Privilege | Viewing, editing, deleting and undoing Publish Transactions, including those not initiated by the User |
| Child Publication Creation Privilege | Creating Child Publications of Publications to which the User has access. Typically, you would use this privilege to manage who can or cannot create Publications intended to be used as websites, either using the Site Wizard or in the Publication BluePrint hierarchy. |
| Topology Manager Read Privilege | Viewing the Topology Management slide-out navigation screen in Content Manager Explorer and in Experience Manager, and reading Topology Manager data |
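
The way rights, permissions and privileges combine into one access decision can be modelled for a least-privilege review as follows. This is an added example, not the product's code or API: `Group`, `REQUIRED` and `decide` are hypothetical names, the Publication, Folder and Group names are constructed, and it assumes that grants are unioned across all Groups a user belongs to.

```python
from dataclasses import dataclass, field

# (operation, item type) -> (right needed in the Publication,
#                            permission needed on the containing Folder)
REQUIRED = {
    ("create", "Component"): ("Component Management", "Write"),
    ("modify", "Component"): ("Component Management", "Write"),
    ("delete", "Component"): ("Component Management", "Delete"),
}

@dataclass
class Group:
    name: str
    rights: dict = field(default_factory=dict)       # Publication -> set of rights
    permissions: dict = field(default_factory=dict)  # (Publication, Folder) -> set of permissions
    privileges: set = field(default_factory=set)     # system-wide, not tied to a Publication

def decide(groups, operation, item_type, publication, folder):
    """Return (allowed, reason) for a user who is a member of `groups`.

    Assumption: grants are unioned across all of the user's Groups.
    """
    if any("System Administrator Privilege" in g.privileges for g in groups):
        return True, "System Administrator Privilege"
    rights = set().union(*(g.rights.get(publication, set()) for g in groups))
    if "Publication Administration" in rights:
        return True, "Publication Administration right"
    right, permission = REQUIRED[(operation, item_type)]
    if right not in rights:
        return False, f"missing right: {right}"
    perms = set().union(*(g.permissions.get((publication, folder), set()) for g in groups))
    if permission not in perms:
        return False, f"missing permission: {permission} on {folder}"
    return True, f"{right} + {permission}"

# Constructed sample data: Publication, Folder and Group names are made up.
AUTHORS = Group("Authors", rights={"Website": {"Component Management"}},
                permissions={("Website", "News"): {"Read", "Write"}})
DESIGNERS = Group("Designers", rights={"Website": {"Schema Management"}},
                  permissions={("Website", "News"): {"Read", "Write"}})
PUB_ADMINS = Group("Publication Admins", rights={"Website": {"Publication Administration"}})
SYS_ADMINS = Group("System Admins", privileges={"System Administrator Privilege"})

if __name__ == "__main__":
    for groups, op, folder in [([AUTHORS], "create", "News"), ([AUTHORS], "delete", "News"),
                               ([AUTHORS], "create", "Legal"), ([DESIGNERS], "create", "News"),
                               ([PUB_ADMINS], "delete", "Legal"), ([SYS_ADMINS], "create", "Legal")]:
        print([g.name for g in groups], op, folder, decide(groups, op, "Component", "Website", folder))
```

The denial reasons show which half of the pair is missing, which is the usual cause when a user holds the right for a Publication but still cannot act in a particular Folder.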