Content Management Guide

CHAPTER 19

Managing Content Security

This chapter describes how to secure access to content using the CMS Administration Console. It has these sections:

For more information    For background information, see Securing Content.

 
Top of page

About content security

The CMS Administration Console allows administrators—and other users with PROTECT permission—to control access to CM elements. Administrators can assign users and groups various levels of access permission on an element-by-element basis to the following types of content:

When users with PROTECT permission open one of these CM elements in the CMS Administration Console, they will see a Security tab in the Property Inspector. The Security tab displays controls for assigning levels of access to the selected CM element.

For example, here is what the Security tab looks like after assigning the ContentAdmins Group WRITE access to the document PSAT1:

securityWriteEx

The CMS Administration Console provides security-sensitive controls as part of its user interface. It gives you only those CM capabilities that are permitted by the security privileges assigned to you for each CM element.

For example, if you have WRITE permission for all documents, you can check out and edit any document in the CMS Administration Console. If you do not have WRITE permission for documents in a confidential folder, you will never see Edit and Check-Out controls in the Property Inspectors of documents residing in that folder.

 
Top of page

Flow of operations

Here is the basic task for securing content in the CMS Administration Console:

orderOfOps6Secure

This chapter explains how to manage security in the CMS Administration Console and includes the following topics:

 
Top of page

Permissions for content access

Administrators with PROTECT permission can assign users various levels of content access based on their roles in the organization.

The CMS Administration Console allows authorized users to assign the following access permissions:

Permission

Allows you to

READ

View any data and/or metadata associated with the designated CM element—for example, preview a document or view the metadata associated with a folder

WRITE

Create, modify, and save the designated CM element

PROTECT

Set security on a designated CM element

LIST

View lists of documents in a folder or category

NOTE:   This permission applies to folders or categories only, not to documents.

PUBLISH

Publish a document

NOTE:   This permission applies to documents only, not to folders or categories.

While each of these access permissions is assigned to CM elements individually (as described in Setting security on CM elements), it is not necessary to explicitly set access permissions on each element. A CM element can inherit access permissions from its parent element.

For more information    For more information on setting CM element permissions through inheritance, see Cascading security.

 
Top of page

User permissions required for CM operations

The following table describes which permissions are required for performing specific CM operations in the CMS Administration Console:

Element

Operation

Permission

Document

View content or metadata

READ

Modify content or metadata

WRITE

Publish

PUBLISH

Set security

PROTECT

Folder

View metadata

READ

Modify folder metadata

Add subfolder

Add document

WRITE

List contents

LIST

Set security

PROTECT

Category

View metadata

READ

Modify category metadata

Add subcategory

Add document

WRITE

List contents

LIST

Set security

PROTECT

Field

View metadata

READ

Modify metadata

WRITE

Set security

PROTECT

Document type

View metadata

READ

Modify metadata

WRITE

Set security

PROTECT

List fields that belong to the document type

LIST

Layout style

View metadata

READ

Modify metadata

WRITE

Set security

PROTECT

For more information    For information on giving users and groups levels of access to individual CM elements, see Setting security on CM elements.

 
Top of page

Cascading security

Generally, security settings cascade from parent to child in the hierarchical relationships of CM elements. The following content hierarchies exist in the CMS Administration Console:

Inherited security   When a new child is created in either hierarchy, it inherits the parent's security settings. Child elements can also inherit changes to a parent's access permissions, but you must explicitly enable this behavior, as described in Setting security on CM elements.

 
Top of page

Setting security on CM elements

Users with PROTECT permission can set security on the following CM elements:

Procedure To set security on documents and folders:

  1. Enter content mode by clicking the Content button in the toolbar.

  2. Select the Folder View tab.

    Your folders appear in the content tree view. You may need to expand some of these containers to see the complete view.

  3. Navigate to the folder or document of interest and select it to open its Property Inspector.

  4. Select the Security tab.

  5. Select a permission from the dropdown list.

  6. Assign this permission to the appropriate users and groups by following these steps:

    To

    Do this

    Assign individual users and groups

    1. Select users or groups one at a time from Available Users.

    2. Click the single-arrow button to move each selection to Selected Users.

    NOTE:   You cannot multiselect users and groups from Available Users.

    Assign all users and groups

    Click the double-arrow button.

    NOTE:   All groups move from Available Users to Selected Users.

  7. To allow existing children of the selected folder to inherit the new security setting, check Apply Security To Existing Children.

    IMPORTANT:   This option is available only to administrators.

  8. Click Save.

Procedure To set security on categories and taxonomies:

  1. Enter content mode by clicking the Content button in the toolbar.

  2. Select the Category View tab.

    Your categories and taxonomies appear in the content tree view. You may need to expand some of these containers to see the complete view.

  3. Navigate to the category or taxonomy of interest and select it to open its Property Inspector.

  4. Select the Security tab.

  5. Select a permission from the dropdown list.

  6. Assign this permission to the appropriate users and groups by following these steps:

    To

    Do this

    Assign individual users and groups

    1. Select users or groups one at a time from Available Users.

    2. Click the single-arrow button to move each selection to Selected Users.

    NOTE:   You cannot multiselect users and groups from Available Users.

    Assign all users and groups

    Click the double-arrow button.

  7. To allow existing children of the selected folder to inherit the new security setting, check Apply Security To Existing Children.

    IMPORTANT:   This option is available only to administrators.

  8. Click Save.


Copyright © 2004 Novell, Inc. All rights reserved. Copyright © 1997, 1998, 1999, 2000, 2001, 2002, 2003 SilverStream Software, LLC. All rights reserved.  more ...