Access Control
For each service instance added to a channel, it is possible to aggregate groups and users who can access it and grant permissions to each of them.
In the administrative area of the channel, select a service instance and then Control Access;
The possible access permissions for a service instance are: manage and view the service instance, as well as manage its security. However, if the option Inherit Access Control is enabled, the access control for the inherited groups and users will be inherited from the channel, and it will only be possible to deny them permissions. Regardless of inheritance, it is possible to assign permissions and deny them to users and groups added in the access control of the service instance. By default, users and groups added to the access control have permission to “view service instance,” which can be denied as needed.
The figure below displays the access control of a service instance “FAQ” whose group “Portal Administrators” was inherited from the channel. Since the option “Inherit Access Control” is enabled, it is not possible to assign permissions to this group, only deny them. Therefore, permissions cannot be assigned to predefined groups, only denied. For the added groups, “Publishers” and “Guests,” permissions can be assigned or denied regardless of inheritance. Additionally, by default, these last two groups have permission to “view service instance.”
For service instances that utilize approval processes for their content, it is necessary to assign roles to the groups and/or users in the access control of the instance. For more details, check the section Approval Processes.
Below are the permissions related to the service instance:
| Permissions | Includes permissions | Description |
|
Service access control |
||
|
Manage service security |
Inherits permission from the portal to manage service security, if the inheritance of service access control is enabled. Manage service Create service instance |
Allows managing the access control of the service. |
|
Manage service |
Inherits permission from the portal to manage service, if the inheritance of service access control is enabled. Create service instance |
Allows changing the properties of the service. |
|
Create service instance |
Inherits permission from the portal to create service instance, if the inheritance of service access control is enabled. |
Allows instantiating the service. |
|
Control access of the service instance |
||
|
Manage security of service instance |
Inherits permission from the channel to manage security of service instance, if the inheritance of service instance access control is enabled. Manage service instance View service instance Edit content of service instance |
Allows managing the access control of the service instance. |
|
Manage service instance |
Inherits permission from the channel to manage service instance, if the inheritance of service instance access control is enabled. View service instance Edit content of service instance |
Allows changing the properties of the service instance. |
|
Edit content of service instance |
Inherits permission from the channel to edit content of service instance. View service instance |
Allows registering content in the administrative interfaces of content management services. For services that have the workflow functionality enabled, the user or group must possess one of the workflow roles to be able to register content. |
|
View service instance |
Inherits permission from the channel to view service instance, if the inheritance of service instance access control is enabled. |
Allows viewing the service instance. |