Explaining Security at Library level and Item level in WCM Part 1

Security :- The word security means how to control the authenticated user from accessing unauthorized content. WCM  has come up with different types of security roles for library level and item level as given below. Now we will create one user each for this role and access WCM to identify what that particular person can access it and finally summarize roles and responsibilities.

 Library security has five levels:
    User(WcmUser/WcmUser)
    Contributor(WcmContributor/WcmContributor)
    Editor(WcmEditor/WcmEditor)
    Manager(WcmManager/WcmManager)
    Administrator(WcmAdmin/WcmAdmin)(This role has al access this will not be delt in this blog).

Item security has four security levels:
    User(WcmUser/WcmUser)
    Contributor(WcmContributor/WcmContributor)
    Editor(WcmEditor/WcmEditor)
    Approver(WcmApprover/WcmApprover)

As mentioned above we will create users and groups as mentioned in above braces

Step 1 :- Navigate to Portal administration then create all possible combination of groups with members in it as given above

                     

                                                            Similarly do it for all groups

Step 2 :- Now login as a administrator and create new library

Now set access permissions for it

Now click on Edit User Role

Then select which group you want to assign user role and map it

Now click later apply and done

Step 3 :-  Follow the step 2 for all other roles. Now navigate to Application->Web Content Management-> Preferences

  

Step 4 :- Now click on Edit Shared Settings and select the library and add to WCM as given below

After adding library click ok

Navigate back to Applications->WCM to view it

Step 5 :- Now we will login using each user and experience the view of newly created library. Using this we can identify virtually what role has which type of access to library. So far we have done all our operations as administrator. Now we will try with other users.

User view (WcmUser)

We are were not even able to view the library . That means user role people cannot see the library

Roles	Rendering and authoring portlet access rights
User	Users and groups assigned to this role can:  View items in a website or rendering portlet that they have been assigned at least user access to. Note: The simplest way to assign users to this role is to select any of the default user groups such as "All Authenticated Portal Users" or "Anonymous Portal User". Users will still require "user" access to an item before it will be rendered in a website or rendering portlet.

Contributor Role(WcmContributor)

As a Contributor i am able to see the library

As a contributor i have only read access to most of the items

Contributor	Users and groups assigned to this role can: 1) Have all user's access right (as described above). 2)  View libraries the they have been assigned contributor access to in an authoring portlet. 3)  Access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned contributor access to. 4) Access the item type view within the authoring portlet for item types that they been assigned at least user access to.

Editor Role (WcmEditor)

           With Editor role i am able to read, edit, preview but not able to delete any item

Editor	Users and groups assigned to this role can: 1)  Have all contributor's access rights (as described above). 2) For library item types that user and groups have been assigned at least editor access to, editors can also access the following actions in the authoring portlet: - Create a new item. - Add or remove links. - Apply authoring template. - Copy, edit, delete link to, and move item type. - Restore a version. - Edit version labels

• Manager Role (WcmManager) 

Using WCM manager role i am able to delete, unlock, purge, set access to items

Manager	Users and groups assigned to these roles can: 1)  Have all editor's access rights (as described above). 2)  For library item types that they have been assigned manager access to, managers can also perform the following actions in the authoring portlet: - Edit access settings. - Edit next stage. - Purge. - Unlock. - Edit user profile.

Note :- As we know administrator will be having final authorities.