Security app
The Security app is where you manage access in the system by administering users, user groups and user roles. Magnolia’s built-in access management system authenticates users to determine who is using the system and provides them with the means to sign into applications. It also authorizes users, ensuring that they have the required permissions for actions such as editing pages. You can access the Security app via Set up > Security.
Subapps
Users, System users and Public users
Use the subapps called Users, System users and Public users to manage the different types of user. For all these users you can:
-
Edit user information such as user name, password, full name, e-mail, and language.
-
Assign the user to groups.
-
Assign roles to the user.
The configuration user data is stored in the users workspace below these paths:
System users |
|
Users |
|
Public users |
|
For more information, see Editing user permissions.
Groups
Users with similar privileges are grouped together. The purpose of a group is to define the settings for the group as whole rather than for each individual user. Permissions that apply to the group are inherited by its users.
By assigning a role to a group, all users in the group inherit the permissions associated with the role. You do not have to assign the users with the role individually.
Similarly, by assigning groups to the current group, all users in the current group inherit the roles and the permissions granted to the groups being assigned to the current group.
See Groups for further information.
Roles
A role is a function a user performs either in the management of Magnolia or as a visitor of a Magnolia website. It reflects the actions and activities assigned to, required, or expected of a user. Specific permissions are granted to enable the functions of a role.
For example, the editor role is responsible for editing content displayed on the site. Permissions granted to this role allow the user to edit the content and submit it for review. The publisher role, on the other hand, is tasked with reviewing the content and publishing it from the author instance to the public instance(s).
Roles have JCR Access Control Lists (ACLs) and Web access permissions. For both the JCR content and Web access, you can define multiple ACLs per role.
To understand how to configure ACLs per role, see Roles and access control lists
Tools
The Tools subapp lets you query groups and permissions associated to a given user. The subapp is useful for permission reporting, auditing, and troubleshooting why users can’t access the resources they should be able to.
Use the subapp’s tabs to display:
-
Permissions: Groups, roles, and permissions for any user.
-
Group members: Users assigned to the current group or its transitive groups.
-
Role assignments: Users or groups assigned with any role.
Configuration
The Security app is installed by the Security app module.
The app is configured in /modules/security-app and comes with the users, systemUsers, groups, roles, tools and public subapps.
The public subapp is installed and configured by the Public User Registration module.
Only users assigned the superuser role have permission to access the subapps.
Workspaces
The subapps operate on the following workspaces:
| Subapp | Workspace |
|---|---|
|
|
|
|
|
|
|
|
|
|
Node types
The Security app module registers the following custom node types in the subapp configurations.
The subapps operate on these nodes types and on mgnl:folder.
| Subapp | Node type |
|---|---|
|
|
|
|
|
|
|
|
|
|