Liferay User Management Kar Joon Chew Oct 2011
Terminology You Will See
Understand the Relationship
Resource
Resources are scoped into portal, group, page, and content model-resource and application (or portlet) types.
Type of:
- Portlet (application), e.g. Message Boards, Calendar, Document Library, etc.
- Entity, e.g. Message Board Topics, Calendar Event, Document Library Folder
- File, e.g. documents, images, applications
Role
A role is a collection of permissions.
Assign to: User, User Group, Organization, Community, Location.
If a role is assigned to a user group, community, organization, or location, then all users who are members of that entity receive the permissions of the role.
User
An individual who performs tasks using the portal.
Assign to: User Group, Organization, Community, Location.
Permission to perform tasks: depends on the permissions that have been assigned via roles.
Groups
Type of: Organization, Community, User Group.
Organization
Represents the enterprise-department-location hierarchy.
Managing Organization
Organizations can contain other organizations as sub-organizations.
Organization
An organization acting as a child organization of a top-level organization can also represent a department of a parent corporation.
Both roles and users can be assigned to organizations (locations or sub-organizations).
By default, locations and sub-organizations inherit permissions from their parent organization via roles.
As a best practice, make each user belong to only one organization, so make sure your organizations don't overlap.
Community
A special group with a flat structure; a collection of users who have a common interest.
(Diagram: users assigned to an example community, "Microbiology".)
Both roles and users can be assigned to a community.
Users can self-register and are approved by the community owner.
Organization vs. Community
Feature                              Organization  Community
Ability to join and invite members   No            Yes
Hierarchical in nature               Yes           No
Public & Private Pages               Yes           Yes
Site Templates                       Yes           Yes
User Group
A special group with no context.
(Diagram: users assigned to an example user group, "Manager".)
Permissions can be assigned to user groups via roles too, so every user that belongs to that user group will receive the role-based permissions.
Each user group can have public pages and private pages.
Location
A location is a special organization that is associated with a parent organization.
Locations can't have any child organizations associated with them, so they are the leaves of the organization tree.
They are mostly distinguished by their geographic position.
An organization may have any number of sub-organizations and locations, while a location must belong to one and only one organization.
Hierarchy
Organizations and locations are the mechanisms for organizing users and websites in the portal in a hierarchical structure.
Each attached website can have a team and a dedicated workflow. That is the only way to have a hierarchical structure of websites.
An organization represents the logical structure of the company or institution where the portal is going to be used.
Organizations and locations form a hierarchical structure: regular organizations form the root and trunk, while locations form the leaves.
Benefit of Hierarchical Structure
1. Inherited permissions. Each user can be assigned to at most one organization or location, inheriting the permissions and associations of that organization.
2. Content sharing. Content can be scoped into page and group. Organizations and locations have their own content. Through a hierarchical structure, content in a parent organization can be shared with child organizations. E.g. content in "Palm Tree Enterprise" would be accessible in the department "Editorial Department", and content in both "Palm Tree Enterprise" and "Editorial Department" would be accessible in the location "Editorial US".
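Authentication Chain
auto.login.hooks=com.liferay.portal.security.auth.CASAutoLogin,com.liferay.portal.security.auth.NtlmAutoLogin,com.liferay.portal.security.auth.OpenIdAutoLogin,com.liferay.portal.security.auth.OpenSSOAutoLogin,com.liferay.portal.security.auth.RememberMeAutoLogin,com.liferay.portal.security.auth.SiteMinderAutoLogin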
RBAC: Role-Based Access Control
Role
A collection of permissions.
Types: System Roles, System Community Roles, System Organization Roles (these roles cannot be removed or renamed), and Customized Roles.
Roles
- System Roles: Administrator, Guest, Power User, User.
- System Community Roles: Community Administrator, Community Member, Community Owner.
- System Org Roles: Organization Administrator, Organization Member, and Organization Owner.
- Customized Roles: built by the user.
Permission
An action on a resource. Two main features of permissions:
1. Permissions are fine-grained in the portal. For example, for a given page, the permissions would be Add Discussion, Delete Discussion, Update, Update Discussion, Permissions, Delete, and View.
2. Permissions are always assigned through roles in the portal (RBAC).
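The relationships on these slides (roles held directly or through a user group, organization or location, with sub-organizations and locations inheriting from the parent) can be modelled to answer "why does this user hold this permission?" during an access review. This is an added example, not part of the original deck and not Liferay code; the class and function names, the role names and the `page:Welcome` resource label are assumptions, while the organization and user group names are taken from the slides.

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    """An organization, location, community or user group (constructed model)."""
    name: str
    kind: str                       # "organization", "location", "community", "user_group"
    parent: "Group | None" = None   # only organizations and locations sit in a hierarchy
    roles: set = field(default_factory=set)
    def __post_init__(self):
        if self.parent is not None and self.parent.kind != "organization":
            raise ValueError(f"{self.parent.name} cannot have children")
        if self.kind == "location" and self.parent is None:
            raise ValueError("a location must belong to exactly one organization")

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    groups: list = field(default_factory=list)

def effective_roles(user):
    """Map each role the user holds to where it came from, for access reviews."""
    found = {role: "direct" for role in user.roles}
    for group in user.groups:
        node = group
        while node is not None:     # walk up: children inherit the parent's roles
            for role in node.roles:
                found.setdefault(role, f"{node.kind}:{node.name}")
            node = node.parent
    return found

def is_permitted(user, action, resource, role_permissions):
    """A permission is an (action, resource) pair and is only ever held via a role."""
    return any((action, resource) in role_permissions.get(role, set())
               for role in effective_roles(user))

# Constructed sample data; role names and the resource label are hypothetical.
ROLE_PERMISSIONS = {
    "Enterprise Reader": {("View", "page:Welcome")},
    "Editor": {("Update", "page:Welcome"), ("Add Discussion", "page:Welcome")},
    "Moderator": {("Delete Discussion", "page:Welcome")},
}
enterprise = Group("Palm Tree Enterprise", "organization", roles={"Enterprise Reader"})
editorial = Group("Editorial Department", "organization", enterprise, {"Editor"})
editorial_us = Group("Editorial US", "location", editorial)
managers = Group("Manager", "user_group", roles={"Moderator"})
alice = User("alice", groups=[editorial_us, managers])
bob = User("bob", groups=[enterprise])
```

`effective_roles(alice)` reports three roles, none of them assigned to her directly, which is the case an access review most often misses when it looks only at a user's own role list.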
Example: Welcome Page in the Guest Community
Permission in Scope
Portal - Group - Page - Content
Permissions can be managed across scopes: across the portal, across a group (an organization or a location, or a community), across the page, and across the content.
Permission Actions on Portal General
Portlet Permissions
Includes View, Configuration, and Access in Control Panel.
Normally, all portlets have the View and Configuration permissions. Only a few of them (Users, Roles, and User Groups) have the additional permission action Access in Control Panel.
Question and Answer (Q&A) Session