Configure Portal Default Permissions

The permission configuration for the portal is defined in the file portal/WEB-INF/conf/portal/portal-configuration.xml. The component UserACL is described there along with other portal component configuration.

It defines 5 permissions types:

  • super.user: the super user that has all the rights on the platform, by default it is root
  • portal.creator.groups: it defines the list of membership:/groups that will be able to manage the different portal as well as the permission to create new ones
  • navigation.creator.membership.type: tells which membership is used inside a group to grant all the users that has it the right to manage the group pages
  • guests.group: tells the name of the group that will be used as the guest one, aka the group any anonymous user (in public pages) will be in
  • access.control.workspace: defines a list of membership:/groups that will be able to see and expand/collapse the left control workspace (with user widgets and the start menu) that is sometime accessible when a user logs in
<component>
    <key>org.exoplatform.portal.config.UserACL</key>
    <type>org.exoplatform.portal.config.UserACL</type>   
    <init-params>	     
      <value-param>
        <name>super.user</name>
        <description>administrator</description>
        <value>root</value>	    
      </value-param>
      
      <value-param>
        <name>portal.creator.groups</name>
        <description>groups with membership type have permission to manage portal</description>
        <value>*:/platform/administrators,*:/organization/management/executive-board</value>	    
      </value-param>
      
      <value-param>
        <name>navigation.creator.membership.type</name>
        <description>specific membership type have full permission with group navigation</description>
        <value>manager</value>	    
      </value-param>
      <value-param>
        <name>guests.group</name>
        <description>guests group</description>
        <value>/platform/guests</value>	    
      </value-param>     
      <value-param>
        <name>access.control.workspace</name>
        <description>groups with memberships that have the right to access the User Control Workspace</description>
        <value>*:/platform/administrators,*:/organization/management/executive-board</value>	    
      </value-param>           
    </init-params>   
  </component>

Overwrite Portal Default Permissions

The UserACL component from portal 2.5 has supported to add a PortalACLPlugin plugin to be able to overwrite portal default permissions.

<external-component-plugins>
    <target-component>org.exoplatform.portal.config.UserACL</target-component>
    <component-plugin>
      <name>addPortalACLPlugin</name>
      <set-method>addPortalACLPlugin</set-method>
      <type>org.exoplatform.portal.config.PortalACLPlugin</type>
      <description>setting some permission for portal</description>
      <init-params>	    
        <values-param>
          <name>access.control.workspace.roles</name>
          <value>*:/platform/administrators</value>
          <value>*:/organization/management/executive-board</value>	    		
        </values-param>
        <values-param>
          <name>portal.creation.roles</name>
          <value>*:/platform/administrators</value>
          <value>*:/organization/management/executive-board</value>	    	
        </values-param>
      </init-params>
    </component-plugin>
  </external-component-plugins>
 
Products
generated on Tue Jan 06 11:29:04 UTC 2009
eXo Optional Modules
eXo Core Fundations
Recently Modified
Simple language for integrating dynamic content | eXo Products Roadmaps | eXo Enterprise Content Management | Create your own document type and associated Templates | ADVANCED HOW TO
Creator: Benjamin Mestrallet on 2008/01/18 07:06
Copyright (c) 2000-2009. Allright reserved - eXo platform SAS
1.6.13286