Magnolia 5.6 reached end of life on June 25, 2020. This branch is no longer supported, see End-of-life policy.
These are the default permissions set up in Magnolia. You can manage them in the Security app. The defaults demonstrate how to assign roles, ACLs and web access, and are just an example of how to grant permissions in a typical scenario. These permissions are complemented by configured app access.
The Security app allows you to view a comprehensive list of permissions assigned to any user or group at any point in time. If you need to revert to the default permissions for any reason, you can access them online in the demo site in the Tools tab of the Security app.
The tables below show default permissions, role and group assignments, and configured access permissions.
You should adapt the permissions to match your own organization. App access is configured separately in the app launcher configuration.
The anonymous role defines the permissions of public, unauthenticated users. Permissions are different on the author and public instances.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read only | Selected and sub nodes | / |
DAM | Read only | Sub nodes | / |
GoogleSitemaps | Read only | Selected and sub nodes | / |
Marketing-tags | Read only | Selected and sub nodes | / |
Resources | Read only | Sub nodes | / |
Website | Deny access |
The superuser role provides full access to the system. The permissions are the same on author and public instances.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
AdvancedCache | Read/Write | Sub nodes | / |
Category | Read/Write | Sub nodes | / |
Config | Read/Write | Sub nodes | / |
Contacts | Read/Write | Sub nodes | / |
Dam | Read/Write | Sub nodes | / |
Dms* | Read/Write | Sub nodes | / |
Forum | Read/Write | Sub nodes | / |
GoogleSitemaps | Read/Write | Sub nodes | / |
Imaging | Read/Write | Sub nodes | / |
Keystore | Read/Write | Sub nodes | / |
Marketing-tags | Read/Write | Sub nodes | / |
Messages | Read/Write | Sub nodes | / |
Personas | Read/Write | Sub nodes | / |
Profiles | Read/Write | Sub nodes | / |
Resources | Read/Write | Sub nodes | / |
Rss | Read/Write | Sub nodes | / |
Scripts | Read/Write | Sub nodes | / |
Segments | Read/Write | Sub nodes | / |
Stories | Read/Write | Sub nodes | / |
Tags | Read/Write | Sub nodes | / |
Tasks | Read/Write | Sub nodes | / |
Templates | Read/Write | Sub nodes | / |
Tours | Read/Write | Sub nodes | / |
Usergroups | Read/Write | Sub nodes | / |
Userroles | Read/Write | Sub nodes | / |
Users | Read/Write | Sub nodes | / |
Website | Read/Write | Sub nodes | / |
Workflow (EE) | Read/Write | Sub nodes | / |
Web access
Permission | Path |
---|---|
Get & Post | * |
Configured access
...
/modules/workflow/messageViews/publish/actions/abort/availability/access/roles
...
Deny | * |
Deny | /.magnolia* |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read only | Selected and sub nodes | / |
Dam | Read only | Selected and sub nodes | / |
GoogleSitemaps | Read only | Selected and sub nodes | / |
Marketing-tags | Read only | Selected and sub nodes | / |
Resources | Read only | Sub nodes | / |
Website | Read only | Sub nodes | / |
Web access
Permission | Path |
---|---|
Get & Post | * |
Deny | /.magnolia |
Deny | /.magnolia/* |
Deny | /travel/members/protected* |
Deny | /travel/members/profile-update* |
Deny | <travel>/members/protected* |
Deny | <travel>/members/profile-update* |
These are roles specific to the demo websites. The permissions are the same on author and public instances.
...
Workspace | Permission | Scope | Path | ||||
---|---|---|---|---|---|---|---|
CategoryAdvancedCache | Read only Read only | Selected and sub nodes Selected and sub nodes |
| Dam | Read only/Write | Sub nodes | / |
Category | Read/Write | Sub nodes | / | ||||
Config | Read/Write | Sub nodes | / | ||||
Contacts | Read | only/Write | Sub nodes | / | |||
UserrolesDam | Read only/Write | SelectedSub nodes | /travel-demo-base |
These are roles specific to the demo-project example websites. The permissions are the same on author and public instances.
Web access
...
Access control lists
Workspace | Permission | Scope | Path | ||
---|---|---|---|---|---|
Category | Read/Write | Sub nodes | / | Dam||
Marketing-tags | Read/Write | Sub nodes | / | ||
Messages | Read | only/Write | SelectedSub nodes | / | travel-demo-editor|
Personas | Read/Write | Sub nodes | / |
Configured access
...
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Userroles | Read only | Selected | /travel-demo-publisher |
Website | Read/Write | Sub nodes | / |
Web access
Permission | Path |
---|---|
Get & Post | * |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
App | Assets | /modules/dam-app/apps/assets/permissions/roles | |
Action | Assets | Activate | /modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles |
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Access control lists
...
Read/Write
Read/Write
...
Selected and sub nodes
Selected and sub nodes
...
/tour-types
/destinations
...
permissions/roles | ||
Configuration | /modules/ui-admincentral/apps/configuration/permissions/roles | |
Security | /modules/security-app/apps/security/permissions/roles | |
Security | /modules/security-app/dialogs/role/form/tabs/role/fields/jcrName | |
Mail tools | /modules/mail/apps/mail/permissions/roles | |
Dev tools | /modules/tools/apps/tools/permissions/roles | |
Backup | /modules/backup/apps/backup/permissions/roles | |
App launcher | Dev group | /modules/ui-admincentral/config/appLauncherLayout/groups/dev/permissions/roles |
Tools group | /modules/ui-admincentral/config/appLauncherLayout/groups/tools/permissions/roles | |
Pulse | Abort action | /modules/workflow/messageViews/publish/actions/abort/availability/access/roles |
Archive action | /modules/workflow/messageViews/publish/actions/archive |
Installed by the workflow module (EE). Allows editing content.
Access control lists
...
Configured access
Applies to | App | Name | Path |
---|---|---|---|
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
These are roles specific to the demo websites. The permissions are the same on author and public instances.
Installed by the workflow module (EE). Allows publishing content.
Access control lists
Workspace | Permission | Scope | Path | ||||
---|---|---|---|---|---|---|---|
Category | Read only | Sub nodes | / | Contacts | Read only | Sub nodes | / |
Dam | Read only | Sub nodes | / | ||||
Userroles | Read only | Selected | /publisher | ||||
Selected and sub nodes Selected and sub nodes |
| ||||||
DamWebsite | Read only | Sub nodes | / | ||||
WorkflowTours | Read /Write | Sub nodes | / |
Configured access
...
only | Sub nodes | / | |
Userroles | Read only | Selected | /travel-demo-base |
These are roles specific to the demo-project example websites. The permissions are the same on author and public instances.
Web access
Permission | Path |
---|---|
Get & Post | * |
...
Access control lists
Workspace | Permission | Scope |
---|
Path | |||
---|---|---|---|
Category | Read/Write | Sub nodes | / |
Dam | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | / |
travel- |
...
demo- |
...
editor |
Access control lists
...
Website | Read/Write | Sub nodes | / |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
App | Assets | /modules/dam-app/apps/assets/permissions/roles | |
Action | Assets | Activate | /modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles |
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Access control lists
...
Access control lists
Workspace | Permission | Scope | Path | Config|
---|---|---|---|---|
Userroles | Read only | Selected | and sub nodes/travel-demo-publisher | |
Website | modules/resourcesResourcesRead/Write | Sub nodes | / | |
Userroles | Read only | Selected | /resources-base |
...
Web access
Permission | Path |
---|---|
Get & Post | /.rest/* |
Configured access
Applies to | Name | Path |
---|---|---|
Commands | Delete | /modules/rest-services/rest-endpoints/commands/enabledCommands/markAsDeleted/access/roles |
| Activate | /modules/rest-services/rest-endpoints/commands/enabledCommands/activate/access/roles |
Web access
Permission | Path |
---|---|
Deny | /.rest* |
Deny | /.rest/commands* |
Deny | /.rest/nodes* |
Get & Post | /.rest/nodes/v1/website* |
Deny | /.rest/properties* |
Get & Post | /.rest/properties/v1/website* |
Get & Post | /.rest/cache/v1* |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
App | Assets | /modules/dam-app/apps/assets/permissions/roles | |
Action | Assets | Activate | /modules/dam-app/apps/assets/subApps/browser/actions/activate/availability/access/roles |
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read/Write Read/Write | Selected and sub nodes Selected and sub nodes |
|
Dam | Read/Write | Sub nodes | / |
Tours | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | /travel-demo-tour-editor |
Installed by the workflow module (EE). Allows editing content.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read/Write | Sub nodes | / |
Contacts | Read/Write | Sub nodes | / |
Dam | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | /editor |
Website | Read/Write | Sub nodes | / |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Installed by the workflow module (EE). Allows publishing content.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category | Read only | Sub nodes | / |
Contacts | Read only | Sub nodes | / |
Dam | Read only | Sub nodes | / |
Userroles | Read only | Selected | /publisher |
Website | Read only | Sub nodes | / |
Workflow | Read/Write | Sub nodes | / |
Configured access
Applies to | App | Name | Path |
---|---|---|---|
Action | Pages | Activate | /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles |
Base role allowing users to use the workflow workspace (EE).
Configured access
Applies to | Name | Path |
---|---|---|
Commands | Delete | /modules/rest-services/rest-endpoints/commands/enabledCommands/markAsDeleted/access/roles |
| Activate | /modules/rest-services/rest-endpoints/commands/enabledCommands/activate/access/roles |
Web access
Permission | Path |
---|---|
Deny | /.rest* |
Get | /.rest/delivery/* |
Configured access
Applies to | Name | Path |
---|---|---|
Commands | Delete | /modules/rest-services/rest-endpoints/commands/enabledCommands/markAsDeleted/access/roles |
| Activate | /modules/rest-services/rest-endpoints/commands/enabledCommands/activate/access/roles |
Web access
Permission | Path |
---|---|
Get & Post | /.rest/commands/v2/backup/backup |
Configured access
Applies to | Name | Path |
---|---|---|
Commands | Delete | /modules/rest-services/rest-endpoints/commands/enabledCommands/markAsDeleted/access/roles |
| Activate | /modules/rest-services/rest-endpoints/commands/enabledCommands/activate/access/roles |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Workflow | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | /workflow-base |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Scripts | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | /scripter |
Web access
Permission | Path |
---|---|
Get & Post | * |
Configured access
...
Contact | Read only | Sub nodes | / |
Userroles | Read only | Selected | /contact-base |
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Imaging | Read only | Sub nodes | / |
Userroles | Read only | Selected | /imaging-base |
Web access
...
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Config | Read only | Selected and sub nodes | |
Resources | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | /resources-base |
rest-admin
Web access
Configured access
rest-editor
Web access
rest-anonymous
Web access
rest-backup
Web access
Configured access
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Rss | Read-only | Sub nodes | / |
Userroles | Read only | Selected | /rss-aggregator-base |
...
Role that allows posting in all forums.
Access control lists
...
Role which gives administration permissions on ALL forums
Access control lists
...
/modules/forum/apps/forum/permissions/roles
...
...
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
ForumScripts | Read/Write | Sub nodes | / |
Userroles | Read only | Selected | /forum_ALL-moderatorscripter |
Web access
Permission | Path |
---|---|
Get & Post | * |
Configured access
Applies to | App | Path | ||
---|---|---|---|---|
App | ForumGroovy | /modules/ | forumgroovy/apps/ | forumgroovy/permissions/roles |
Web access
Permission | Path |
---|---|
Deny | /.magnolia/log4j |
Deny | /.rest* |
Role which gives commenting permissions.
Access control lists
Workspace | Permission | Scope | Path | ||||
---|---|---|---|---|---|---|---|
ForumConfig | Read/Write-only | Selected and sub nodes | /modules/inplace-templating | /pagecomments | Userroles | Read only | Selected |
Templates | Read/Write | Sub nodes | / | ||||
Userroles | Read only | Selected | /templater-base |
Configured access
Applies to | App | Path | |
---|---|---|---|
App | Templates | /modules/inplace-templating/apps/inplace-templating/permissions/roles | /forum-pagecomments-user
Group permissions are the same on author and public instances.
Assigned groups | Assigned roles |
---|---|
(none) | editor |
workflow-base |
Assigned groups | Assigned roles |
---|---|
(none) | publisher |
workflow-base |
The travel-demo-
editorspur
group is used to organize the editors of the sample websites.
Assigned groups | Assigned roles |
---|---|
(none) | categorization-base |
contact-base |
imaging-base
forum-pagecomments-user |
imaging-base |
travel |
imaging-base
categorization-base
-demo-base |
workflow-base
travel-demo-pur |
The travel-demo-editors group is used to organize the editors of the sample websites.
Assigned groups | Assigned roles | |
---|---|---|
(none) | travel-demo-admincentral | |
travel-demo-editor | ||
travel-demo-tour-editor | ||
imaging-base | ||
security-base | ||
resources-base | ||
workflow-base |
...
Assigned groups | Assigned roles | |
---|---|---|
(none) | travel-demo-admincentral | |
travel-demo-publisher | ||
travel-demo-tour-editor | ||
security-base | ||
workflow-base |
...
Assigned groups | Assigned roles | |
---|---|---|
(none) | travel-demo-admincentral | |
travel-demo-base | ||
travel-demo-tour-editor | ||
security-base | ||
workflow-base |
User eric is an example editor.
...
Assigned groups | Assigned roles |
---|---|
| (none) |
User peter is an example publisher.
Assigned groups | Assigned roles |
---|---|
| (none) |
User tina is an example tour editor.
...
Assigned groups | Assigned roles | |
---|---|---|
(none) | anonymous | |
categorization-base | ||
contact-base | ||
forum-pagecomments-user | ||
imaging-base | ||
rest-anonymous | ||
travel-demo-base |
...
Assigned groups | Assigned roles |
---|---|
publishers (EE) |
|
rest-admin | |
forum_ALL_admin |