Magnolia 5.6 reached end of life on June 25, 2020. This branch is no longer supported, see End-of-life policy.
Page History
The These are default permissions set up in Magnolia. You can manage them in the Security app demonstrate how to assign roles, ACLs and web access . The default permissions are just an example how to grant permissions in a typical scenario. These permissions are complemented by configured app access.
The Security app allows you to view a comprehensive list of permissions assigned to any user or group at any point in time. If you need to revert to the default permissions for any reason, you can access them online in the demo site in the Tools tab of the Security app.
The tables below show default permissions, role and group assignments, and configured access permissions.
website. You should adapt the permissions to match your own organization. App access is configured separately in the app launcher configuration.
| Table of Contents |
|---|
Roles
anonymous (role, author instance)
...
| Applies to | Name | Path | |
|---|---|---|---|
| App | Activation | /modules/activation/apps/activation/permissions/roles | |
| Configuration | /modules/ui-admincentral/apps/configuration/permissions/roles | ||
| Security | /modules/security-app/apps/security/permissions/roles | ||
| Security | /modules/security-app/dialogs/role/form/tabs/role/fields/jcrName | ||
| Mail tools | /modules/mail/apps/mail/permissions/roles | ||
| Dev tools | /modules/tools/apps/tools/permissions/roles | ||
| Backup | /modules/backup/apps/backup/permissions/roles | ||
| App launcher | Dev group | /modules/ui-admincentral/config/appLauncherLayout/groups/dev/permissions/roles | |
| Tools group | /modules/ui-admincentral/config/appLauncherLayout/groups/tools/permissions/roles | ||
| Pulse | Abort action | /modules/workflow/messageViews/publish/actions/abort/availability/access/roles | |
| Archive action | /modules/workflow/messageViews/publish/actions/archive/availability/access/roles |
...
| Applies to | App | Name | Path |
|---|---|---|---|
| App | Assets | /modules/dam-app/apps/assets/permissions/roles | |
| Action | Assets | Activate | /modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles |
| Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
...
| Applies to | App | Name | Path |
|---|---|---|---|
| App | Assets | /modules/dam-app/apps/assets/permissions/roles | |
| Action | Assets | Activate | /modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles |
| Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
...
Base role allowing users to use the workflow workspace (EE).
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Workflow | Read/Write | Sub nodes | / |
| Userroles | Read only | Selected | /workflow-base |
contact-base
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Contact | Read only | Sub nodes | / |
| Userroles | Read only | Selected | /contact-base |
imaging-base
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Imaging | Read only | Sub nodes | / |
| Userroles | Read only | Selected | /imaging-base |
resources-base
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Config | Read only | Selected and sub nodes |
|
| Resources | Read/Write | Sub nodes | / |
...
| Userroles | Read only | Selected | /resources-base |
| Multiexcerpt | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rest-adminWeb access
Configured access
rest-editorWeb access
rest-anonymousWeb access
Configured access
rest-backupWeb access
Configured access
|
rss-aggregator-base
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Rss | Read-only | Sub nodes | / |
| Userroles | Read only | Selected | /rss-aggregator-base |
scripter
Access control lists
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Scripts | Read/Write | Sub nodes | / |
| Userroles | Read only | Selected | /scripter |
Web access
| Permission | Path |
|---|---|
| Get & Post | * |
...
security-base
Web access
| Permission | Path | Deny | |
|---|---|---|---|
| Deny | /.magnolia/log4j | ||
| Deny | /.magnolia/pages/configuration* | ||
| Deny | /.magnolia/pages/logViewer* | ||
| Deny | /.magnolia/pages/users* | ||
| Deny | /.magnolia/pages/import* | ||
| Deny | /.magnolia/pages/export* | ||
| Deny | /.magnolia/pages/permission* | ||
| Deny | /.magnolia/pages/developmentUtils* | ||
| Deny | /.rest* |
templater-base
...
| Workspace | Permission | Scope | Path |
|---|---|---|---|
| Config | Read-only | Selected and sub nodes | /modules/inplace-templating |
| Templates | Read/Write | Sub nodes | / |
| Userroles | Read only | Selected | /templater-base |
Configured access
| Applies to | App | Path |
|---|---|---|
| App | Templates | /modules/inplace-templating/apps/inplace-templating/permissions/roles |
forum_ALL-user
Role that allows posting in all forums.
Access control lists
...
Web access
...
forum_ALL-admin
Role which gives administration permissions on ALL forums
Access control lists
...
Web access
...
Configured access
...
/modules/forum/apps/forum/permissions/roles...
Groups
Group permissions are the same on author and public instances.
editors
| Assigned groups | Assigned roles |
|---|---|
| (none) | editor |
workflow-base |
publishers
| Assigned groups | Assigned roles |
|---|---|
| (none) | publisher |
workflow-base |
travel-demo-pur
The travel-demo-pur group is used to organize the editors of the sample websites.
| Assigned groups | Assigned roles |
|---|---|
| (none) | categorization-base |
contact-base | |
forum-pagecomments-user | |
imaging-base | |
travel-demo-base | |
travel-demo-pur |
forum_ALL-moderator
Role which gives moderation permissions on ALL forums
Access control lists
...
Web access
...
Configured access
...
/modules/forum/apps/forum/permissions/rolesforum-pagecomments-user
Role which gives commenting permissions.
...
Groups
Group permissions are the same on author and public instances.
travel-demo-editors
The travel-demo-editors group is used to organize the editors of the sample websites.
| Assigned groups | Assigned roles | |
|---|---|---|
| (none) | travel-demo-admincentral | |
travel-demo-editor | ||
travel-demo-tour-editor | ||
imaging-base | ||
security-base | ||
resources-base | ||
workflow-base |
travel-demo-publishers
...
| Assigned groups | Assigned roles | ||
|---|---|---|---|
| (none) | travel-demo-admincentral | ||
travel-demo-publisher | |||
travel-demo-tour-editor | |||
security-base | |||
workflow-base |
travel-demo-tour-editors
...
| Assigned groups | Assigned roles | ||
|---|---|---|---|
| (none) | travel-demo-admincentral | ||
travel-demo-base | |||
travel-demo-tour-editor | |||
security-base | workflow-base |
editors
| Assigned groups | Assigned roles |
|---|---|
| (none) | editor |
workflow-base |
publishers
| Assigned roles | |
|---|---|
| (none) | publisher |
workflow-base |
Users
eric
User eric is an example editor.
...
| Assigned groups | Assigned roles |
|---|---|
| (none) |
peter
User peter is an example publisher.
| Assigned groups | Assigned roles |
|---|---|
| (none) |
tina
User tina is an example tour editor.
...
| Assigned groups | Assigned roles | ||
|---|---|---|---|
| (none) | anonymous | ||
categorization-base | |||
contact-base | |||
forum-pagecomments-user | |||
imaging-base | |||
rest-anonymous | |||
travel-demo-base |
superuser (system user)
...
| Assigned groups | Assigned roles |
|---|---|
publishers (EE) | |
rest -admin | |
forum_ALL_admin |
Overview
Content Tools