Web content management roles

You define the access of a user or group for a library to determine who has access to a library, and to define access to the different views within the authoring portlet.

Table 1. Roles
Roles Rendering and authoring portlet access rights
  • User
Users and groups assigned to this role can:
  • view items in a website or rendering portlet that they have been assigned at least user access to.
Tip: The simplest way to assign users to this role is to select any of the default user groups such as "All Authenticated Portal Users" or "Anonymous Portal User". Users will still require "user" access to an item before it will be rendered in a website or rendering portlet.
  • Contributor
Users and groups assigned to this role can:
  • view items in a rendering portlet or servlet-rendered website that they have been assigned at least user access to.
  • view libraries the they have been assigned contributor access to in an authoring portlet.
  • access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned contributor access to.
  • access the item type view within the authoring portlet for item types that they been assigned at least user access to.
  • Editor
  • view items in a rendering portlet or servlet-rendered website that they have been assigned at least user access to.
  • view libraries the they have been assigned contributor access to in an authoring portlet.
  • access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned at least contributor access to.
  • for library item types that user and groups have been assigned at least editor access to, editors can access the following actions in the authoring portlet:
    • access the item type view
    • create a new item
    • add/remove links
    • apply authoring template
    • copy
    • delete
    • edit
    • link to
    • move
    • restore a version
    • edit version labels
  • Manager
Users and groups assigned to these roles can:
  • view items in a rendering portlet or servlet-rendered website that they have been assigned at least user access to.
  • view libraries the they have been assigned contributor access to in an authoring portlet.
  • access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned at least contributor access to.
  • for library item types that they have been assigned manager access to, managers can access the all of the actions available to editors and also the following actions in the authoring portlet:
    • edit access settings
    • next stage
    • purge
    • unlock
    • edit user profile
  • Administrator
Users and groups assigned to these roles can:
  • view items in a rendering portlet or servlet-rendered website that they have been assigned at least user access to.
  • view libraries the they have been assigned contributor access to in an authoring portlet.
  • access the "My Items" and "All Items" views in an authoring portlet for libraries that they have been assigned at least contributor access to.
  • all actions in the authoring portlet for library item types that they have been assigned administrator access to.
  • Security Administrator
  • Delegator
  • Privileged User
These roles have no access to Web Content Manager items.
WebSphere Portal Administrators:

WebSphere® Portal Administrators automatically have Administrator access to all item-types.

Additive and subtractive methodology:

You can assign roles to both a whole library, and the item types within a library using either an additive or subtractive methodology.

For example, with an additive methodology, you apply the "All Authenticated Portal Users" to the "Contributor" role to the entire library. This will give "All Authenticated Portal Users" access to the library and any authoring portlets configured to use the library. You then apply Editor, Manager or Administrator roles to specific resource types to grant additional access to specified users or groups.

With a subtractive methodology, you apply the Manager or Administrator role to a user or group to the entire library. You then apply Editor, Contributor or User roles to specific item types and deselect the inheritance check box. This reduces the access to different item types for specified users or groups.

We recommend that propagation from the web content library is enabled because this will simplify administrating library access and because disabling propagation will result in access related errors.

All Items view:

A user who is assigned access to an item can always view that item in the All Items view regardless of whether they have access to the related item-type view. For example, if a user does not have access to the presentation template view, but is granted editor access to a presentation template, they can still view, but not edit, the presentation template from the All items view.

Assigning roles to anonymous or authenticated users

When accessing a website, users login as either anonymous users, or authenticated portal users.

The following pre-defined groups can be assigned roles in a library.

Table 2. pre-defined groups
Group Details
Anonymous portal user Select this user to assign a role to anonymous users.
All Authenticated Portal Users Select this group to assign a role to users that have logged on to your server.
Users and User Groups Select this group to assign a role to all users and groups.
All Portal User Groups Select this group to assign a role to all groups.