Default roles, groups and users

Magnolia is an enterprise content management system. This means that a typical Magnolia site has many users in many roles, working together. An editor may use Magnolia daily, whereas an administrator may access it sporadically. The default roles, groups and users that ship with Magnolia are set up to reflect this reality. An editor has permissions to view and edit the website. An editor can also create new pages and submit changes to a review process. A publisher has permission to view the content and approve the publication, and so on.

Use the Security app to see permissions on workspaces and pages.

Default roles

Role	Description
`anonymous`	Base role for public, unauthenticated users. On most systems, the rights and permissions of the anonymous role differ between author and public instances: allow read access to all on the public instance, while deny the same on the author instance. That is why you should not activate that role.
`superuser`	Full access to everything.
`security-base`	Base role denying to certain system pages.
`rest-admin`	REST administrator role granting GET/POST permissions to all Magnolia's REST APIs.
`rest-editor`	REST editor role granting GET/POST permissions to REST services APIs (nodes, properties), for a limited set of workspaces.
`rest-anonymous`	REST Anonymous Consumer granting GET permissions to Magnolia's content delivery REST API.
`rest-backup`	Base role allowing users to access REST services.
`imaging-base`	Base role allowing users to read and generate images.
`resources-base`	Base role allowing users to use the `resources` workspace.
`scripter`	Base role allowing users to use `scripts` workspace.
`templater-base`	Base role allowing users to user the `templates` workspace.
`contact-base`	Base role allowing users to read contacts information.
`workflow-base` (DX Core)	Base role allowing users to use the `workflow` workspace.
`editor` (DX Core)	Allows editing content.
`publisher` (DX Core)	Allows publishing content.
`rss-aggregator-base`	Base role allowing users to read `rssaggregator` data type information.
`categorization-base`	Base role allowing users to read categorization information.
`stories-base`	Base role allowing users to read stories.
`travel-demo-pur`	Travel demo registered public users. Allows users to access the members' area.
`travel-demo-base`	Example role for the travel demo. Gives read access to some basic workspaces needed by all users.
`travel-demo-editor`	Example editor role for the travel-demo project.
`travel-demo-publisher`	Example publisher role for the travel-demo project.
`travel-demo-admincentral`	Example role to enable access to AdminCentral for the travel-demo project.
`travel-demo-tour-editor`	Example role who can only edit tours and tour categories for the travel-demo project.

Default groups

The purpose of groups is to define settings for a group of users, as opposed to individual users. Users with similar privileges are assigned to appropriate groups. Permissions that apply to a group are inherited by its users.

Group	Description	Assigned roles
`editors` (DX Core)	Sample group created by the workflow module that allows editing and submission to `publishers` for publication.	`editor` `workflow-base`
`publishers` (DX Core)	Sample group created by the workflow module that allows publication after submission from `editors`.	`publisher` `workflow-base`
`travel-demo-pur`	A sample public users group for travel-demo.	`categorization-base contact-base` `fourm-pagecomments-user` `imaging-base` `travel-demo-base` `travel-demo-pur`
`travel-demo-editors`	A sample editors group for travel-demo.	`travel-demo-admincentral` `travel-demo-editor` `travel-demo-tour-editor` `security-base resources-base imaging-base workflow-base`
`travel-demo-publishers`	A sample publishers group for travel-demo.	`travel-demo-admincentral travel-demo-publisher travel-demo-tour-editor security-base workflow-base`
`travel-demo-tour-editors`	A sample travel editor group for travel-demo.	`security-base travel-demo-admincentral travel-demo-base travel-demo-tour-editor workflow-base`
`developers` (Cloud)	Default group for developers using Magnolia Cloud. Assigned to the `publishers` group.	`content-editor` `rest` `superuser`
`owners` (Cloud)	Default group for Magnolia Cloud subscription package owners. Assigned to the `publishers` group.	`content-editor` `rest` `superuser`
`supporters` (Cloud)	Default group for support staff using Magnolia Cloud. Assigned to the `publishers` group.	`content-editor` `rest` `superuser`

Default users

User settings define the login credentials as well as certain personal settings that identify individuals accessing Magnolia. Users inherit permissions from the roles they belong to, either directly or through groups.

System users

System user	Description	Assigned roles	Assigned groups
`anonymous`	Unauthenticated, public users access the websites using this account.	`anonymous` , `categorization-base`, `contact-base`, `forum-pagecomments-user`, `imaging-base`, `rest-anonymous, travel-demo-base`	(none)
`superuser`	User assigned unlimited access permissions.	`superuser`, `rest-admin`, `forum_ALL-admin`	`publishers`

Users

The following sample users are included in the standard installation.

User	Description	Assigned roles	Assigned groups
`eric`	Sample travel demo editor	(none)	`travel-demo-editors`
`eric-de`	Sample German travel demo editor	(none)	`travel-demo-editors`
`peter`	Sample travel demo publisher	(none)	`travel-demo-publishers`
`tina`	Sample travel demo tour editor	(none)	`travel-demo-tour-editors`

Page tree