Default permissions
These are default permissions in Magnolia. You can manage them in the Security app. The default permissions are just an example how to grant permissions in a typical website. You should adapt the permissions to match your own organization. App access is configured separately in the app launcher configuration.
Roles
anonymous (role, author instance)
The anonymous
role defines the permissions of public, unauthenticated
users. Permissions are different on the author and public instances.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category |
Read only |
Selected and sub nodes |
|
DAM |
Read only |
Sub nodes |
|
GoogleSitemaps |
Read only |
Selected and sub nodes |
|
Marketing-tags |
Read only |
Selected and sub nodes |
|
Resources |
Read only |
Sub nodes |
|
Website |
Deny access |
Sub nodes |
|
Web access
Permission | Path |
---|---|
Deny |
|
Deny |
|
anonymous (role, public instance)
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category |
Read only |
Selected and sub nodes |
|
Dam |
Read only |
Selected and sub nodes |
|
GoogleSitemaps |
Read only |
Selected and sub nodes |
|
Marketing-tags |
Read only |
Selected and sub nodes |
|
Resources |
Read only |
Sub nodes |
|
Website |
Read only |
Sub nodes |
|
Web access
Permission | Path |
---|---|
Get & Post |
|
Deny |
|
Deny |
|
Deny |
|
Deny |
|
Deny |
|
Deny |
|
superuser (role)
The superuser
role provides full access to the system. The permissions
are the same on author and public instances.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
AdvancedCache |
Read/Write |
Sub nodes |
|
Category |
Read/Write |
Sub nodes |
|
Config |
Read/Write |
Sub nodes |
|
Contacts |
Read/Write |
Sub nodes |
|
Dam |
Read/Write |
Sub nodes |
|
Dms* |
Read/Write |
Sub nodes |
|
Forum |
Read/Write |
Sub nodes |
|
GoogleSitemaps |
Read/Write |
Sub nodes |
|
Imaging |
Read/Write |
Sub nodes |
|
Keystore |
Read/Write |
Sub nodes |
|
Marketing-tags |
Read/Write |
Sub nodes |
|
Messages |
Read/Write |
Sub nodes |
|
Personas |
Read/Write |
Sub nodes |
|
Profiles |
Read/Write |
Sub nodes |
|
Resources |
Read/Write |
Sub nodes |
|
Rss |
Read/Write |
Sub nodes |
|
Scripts |
Read/Write |
Sub nodes |
|
Segments |
Read/Write |
Sub nodes |
|
Stories |
Read/Write |
Sub nodes |
|
Tags |
Read/Write |
Sub nodes |
|
Tasks |
Read/Write |
Sub nodes |
|
Templates |
Read/Write |
Sub nodes |
|
Tours |
Read/Write |
Sub nodes |
|
Usergroups |
Read/Write |
Sub nodes |
|
Userroles |
Read/Write |
Sub nodes |
|
Users |
Read/Write |
Sub nodes |
|
Website |
Read/Write |
Sub nodes |
|
Workflow (DX Core) |
Read/Write |
Sub nodes |
|
Web access
Permission | Path |
---|---|
Get & Post |
|
Configured access
Applies to | Name | Path |
---|---|---|
App |
Publishing |
|
Configuration |
|
|
Security |
|
|
Security |
|
|
Mail tools |
|
|
Dev tools |
|
|
Backup |
|
|
App launcher |
Dev group |
|
Tools group |
|
|
Tasks app |
Abort action |
|
Archive action |
|
travel-demo-base
These are roles specific to the demo websites. The permissions are the same on author and public instances.
Access control lists
- Path
-
/tour-types
; Read only; Selected and sub nodes; Workspace: Category - Path
-
/destinations
; Read only; Selected and sub nodes; Workspace: Category - Path
-
/
; Read only; Sub nodes; Workspace: DAM - Path
-
/
; Read only; Sub nodes; Workspace: Tours - Path
-
/travel-demo-base
; Read only; Selected; Workspace: Userroles
travel-demo-admincentral
These are roles specific to the demo-project example websites. The permissions are the same on author and public instances.
Web access
Permission | Path |
---|---|
Get & Post |
|
travel-demo-editor
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category |
Read/Write |
Sub nodes |
|
Dam |
Read/Write |
Sub nodes |
|
Userroles |
Read only |
Selected |
|
Website |
Read/Write |
Sub nodes |
|
Configured access
Applies to | App | Name | Path |
---|---|---|---|
App |
Assets |
|
|
Action |
Assets |
Publish |
|
Action |
Pages |
Publish |
|
travel-demo-publisher
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Userroles |
Read only |
Selected |
|
Website |
Read/Write |
Sub nodes |
|
Configured access
Applies to | App | Name | Path |
---|---|---|---|
App |
Assets |
|
|
Action |
Assets |
Publish |
|
Action |
Pages |
Publish |
|
travel-demo-tour-editor
Access control lists
- Path
-
/tour-types
; Read only; Selected and sub nodes; Workspace: Category - Path
-
/destinations
; Read only; Selected and sub nodes; Workspace: Category - Path
-
/
; Read only; Sub nodes; Workspace: DAM - Path
-
/
; Read only; Sub nodes; Workspace: Tours - Path
-
/travel-demo-tour-editor
; Read only; Selected; Workspace: Userroles
editor
Installed by the workflow
module (DX Core). Allows editing content.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category |
Read/Write |
Sub nodes |
|
Contacts |
Read/Write |
Sub nodes |
|
Dam |
Read/Write |
Sub nodes |
|
Userroles |
Read only |
Selected |
|
Website |
Read/Write |
Sub nodes |
|
Configured access
Applies to | App | Name | Path |
---|---|---|---|
Action |
Pages |
Activate |
|
publisher
Installed by the workflow
module (DX Core). Allows publishing content.
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Category |
Read only |
Sub nodes |
|
Contacts |
Read only |
Sub nodes |
|
Dam |
Read only |
Sub nodes |
|
Userroles |
Read only |
Selected |
|
Website |
Read only |
Sub nodes |
|
Workflow |
Read/Write |
Sub nodes |
|
Configured access
Applies to | App | Name | Path |
---|---|---|---|
Action |
Pages |
Publish |
|
workflow-base
Base role allowing users to use the workflow
workspace (DX Core).
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Workflow |
Read/Write |
Sub nodes |
|
Userroles |
Read only |
Selected |
|
contact-base
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Contact |
Read only |
Sub nodes |
|
Userroles |
Read only |
Selected |
|
imaging-base
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Imaging |
Read only |
Sub nodes |
|
Userroles |
Read only |
Selected |
|
resources-base
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Config |
Read only |
Selected and sub nodes |
|
Resources |
Read/Write |
Sub nodes |
|
Userroles |
Read only |
Selected |
|
rest-admin
The superuser account has the rest-admin role by default so you can
use superuser to test your requests. However, for production use, you
should create a custom REST role. The anonymous role is specifically
denied access to the REST endpoints.
|
- Web access
Permission | Path |
---|---|
Get & Post |
|
- Configured access
Applies to | Name | Path |
---|---|---|
Commands |
Delete |
|
Publish |
|
rest-editor
- Web access
Permission | Path |
---|---|
Deny |
|
Get |
|
Deny |
|
Deny |
|
Get & Post |
|
Deny |
|
Get & Post |
|
Get & Post |
|
rest-backup
- Web access
Permission | Path |
---|---|
Get & Post |
|
- Configured access
Applies to | Name | Path |
---|---|---|
Command |
Backup |
|
rss-aggregator-base
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Rss |
Read-only |
Sub nodes |
|
Userroles |
Read only |
Selected |
|
scripter
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Scripts |
Read/Write |
Sub nodes |
|
Userroles |
Read only |
Selected |
|
Web access
Permission | Path |
---|---|
Get & Post |
|
Configured access
Applies to | App | Path |
---|---|---|
App |
Groovy |
|
templater-base
Access control lists
Workspace | Permission | Scope | Path |
---|---|---|---|
Config |
Read-only |
Selected and sub nodes |
|
Templates |
Read/Write |
Sub nodes |
|
Userroles |
Read only |
Selected |
|
Configured access
Applies to | App | Path |
---|---|---|
App |
Templates |
|
Groups
Group permissions are the same on author and public instances.
travel-demo-pur
The travel-demo-pur
group is used to organize the editors of the
sample websites.
Assigned groups | Assigned roles |
---|---|
(none) |
|
|
|
|
|
|
|
|
|
|
travel-demo-editors
The travel-demo-editors
group is used to organize the editors of the
sample websites.
Assigned groups | Assigned roles |
---|---|
(none) |
|
|
|
|
|
|
|
|
|
|
|
|
Users
System users
anonymous (system user)
User anonymous
represents a Web visitor.
anonymous
role has different permissions onauthor and public.
Assigned groups | Assigned roles |
---|---|
(none) |
|
|
|
|
|
|
|
|
|
|
|
|