2.4. Portal default permission configuration

The default permission configuration for the portal is defined through org.exoplatform.portal.config.UserACL component configuration in the portal.war:/WEB-INF/conf/portal/portal-configuration.xml file.

It defines 8 permissions types:

super.user

The super-user as root has all the rights on the eXo Platform.

portal.administrator.groups

Any member of those groups are considered administrators. The default value is /platform/administrators.

portal.administrator.mstype

Any user with that membership type would be considered administrator or the associated group with the manager by default.

portal.creator.groups

This list defines all groups that will be able to manage the different portals. Members of this group also have the permission to create new portals. The format is membership:/group/subgroup.

navigation.creator.membership.type

Defines the membership type of group managers. The group managers have the permission to create and edit group pages and they can modify the group navigation.

guests.group

Any anonymous user automatically becomes a member of this group when they enter the public pages.

mandatory.groups

Groups that cannot be deleted.

mandatory.mstypes

Membership types that cannot be deleted.


<component>
  <key>org.exoplatform.portal.config.UserACL</key>
  <type>org.exoplatform.portal.config.UserACL</type>   
  <init-params>      
    <value-param>
      <name>super.user</name>
      <description>administrator</description>
      <value>root</value>     
    </value-param>
      
    <value-param>
      <name>portal.creator.groups</name>
      <description>groups with membership type have permission to manage portal</description>
      <value>*:/platform/administrators,*:/organization/management/executive-board</value>     
    </value-param>
      
    <value-param>
      <name>navigation.creator.membership.type</name>
      <description>specific membership type have full permission with group navigation</description>
      <value>manager</value>     
    </value-param>
    <value-param>
      <name>guests.group</name>
      <description>guests group</description>
      <value>/platform/guests</value>     
    </value-param>     
    <value-param>
      <name>access.control.workspace</name>
      <description>groups with memberships that have the right to access the User Control Workspace</description>
      <value>*:/platform/administrators,*:/organization/management/executive-board</value>     
    </value-param>           
  </init-params>   
</component>

Overwriting portal default permissions

When creating the custom portals and portal extensions, it is possible to override the default configuration by using org.exoplatform.portal.config.PortalACLPlugin, configuring it as an external-plugin of org.exoplatform.portal.config.UserACL service:


<external-component-plugins>
    <target-component>org.exoplatform.portal.config.UserACL</target-component>
    <component-plugin>
      <name>addPortalACLPlugin</name>
      <set-method>addPortalACLPlugin</set-method>
      <type>org.exoplatform.portal.config.PortalACLPlugin</type>
      <description>setting some permission for portal</description>
      <init-params>     
        <values-param>
          <name>access.control.workspace.roles</name>
          <value>*:/platform/administrators</value>
          <value>*:/organization/management/executive-board</value>       
        </values-param>
        <values-param>
          <name>portal.creation.roles</name>
          <value>*:/platform/administrators</value>
          <value>*:/organization/management/executive-board</value>      
        </values-param>
      </init-params>
    </component-plugin>
  </external-component-plugins>

See also

Copyright ©. All rights reserved. eXo Platform SAS
blog comments powered byDisqus