Content Management Guide
CHAPTER 19
This chapter describes how to secure access to content using the CMS Administration Console. It has these sections:
For background information, see Securing Content.
The CMS Administration Console allows administratorsand other users with PROTECT permissionto control access to CM elements. Administrators can assign users and groups various levels of access permission on an element-by-element basis to the following types of content:
When users with PROTECT permission open one of these CM elements in the CMS Administration Console, they will see a Security tab in the Property Inspector. The Security tab displays controls for assigning levels of access to the selected CM element.
For example, here is what the Security tab looks like after assigning the ContentAdmins Group WRITE access to the document PSAT1:
The CMS Administration Console provides security-sensitive controls as part of its user interface. It gives you only those CM capabilities that are permitted by the security privileges assigned to you for each CM element.
For example, if you have WRITE permission for all documents, you can check out and edit any document in the CMS Administration Console. If you do not have WRITE permission for documents in a confidential folder, you will never see Edit and Check-Out controls in the Property Inspectors of documents residing in that folder.
Here is the basic task for securing content in the CMS Administration Console:
This chapter explains how to manage security in the CMS Administration Console and includes the following topics:
Administrators with PROTECT permission can assign users various levels of content access based on their roles in the organization.
The CMS Administration Console allows authorized users to assign the following access permissions:
While each of these access permissions is assigned to CM elements individually (as described in Setting security on CM elements), it is not necessary to explicitly set access permissions on each element. A CM element can inherit access permissions from its parent element.
For more information on setting CM element permissions through inheritance, see Cascading security.
The following table describes which permissions are required for performing specific CM operations in the CMS Administration Console:
For information on giving users and groups levels of access to individual CM elements, see Setting security on CM elements.
Generally, security settings cascade from parent to child in the hierarchical relationships of CM elements. The following content hierarchies exist in the CMS Administration Console:
Physical hierarchy of root folders , folders
, and documents
:
Logical hierarchy of taxonomies , categories
, and documents
:
Inherited security When a new child is created in either hierarchy, it inherits the parent's security settings. Child elements can also inherit changes to a parent's access permissions, but you must explicitly enable this behavior, as described in Setting security on CM elements.
Users with PROTECT permission can set security on the following CM elements:
To set security on documents and folders:
Enter content mode by clicking the Content button in the toolbar.
Your folders appear in the content tree view. You may need to expand some of these containers to see the complete view.
Navigate to the folder or document of interest and select it to open its Property Inspector.
Assign this permission to the appropriate users and groups by following these steps:
To allow existing children of the selected folder to inherit the new security setting, check Apply Security To Existing Children.
IMPORTANT: This option is available only to administrators.
To set security on categories and taxonomies:
Enter content mode by clicking the Content button in the toolbar.
Your categories and taxonomies appear in the content tree view. You may need to expand some of these containers to see the complete view.
Navigate to the category or taxonomy of interest and select it to open its Property Inspector.
Assign this permission to the appropriate users and groups by following these steps:
To |
Do this |
---|---|
Assign individual users and groups |
NOTE: You cannot multiselect users and groups from Available Users. |
Assign all users and groups |
Click the double-arrow button. |
To allow existing children of the selected folder to inherit the new security setting, check Apply Security To Existing Children.
IMPORTANT: This option is available only to administrators.
Copyright © 2004 Novell, Inc. All rights reserved. Copyright © 1997, 1998, 1999, 2000, 2001, 2002, 2003 SilverStream Software, LLC. All rights reserved. more ...