Liferay User Management Kar Joon Chew Oct 2011

Upload: vuongkhuong

Post on 03-Apr-2018



2

Terminology You will See …

3

Understand the Relationship

4

Resource
Type Of:
• Portlet (Application), e.g. Message Boards, Calendar, Document Library, etc.
• Entity, e.g. Message Board Topics, Calendar Event, Document Library Folder
• File, e.g. Documents, images, applications

Resources are scoped into portal, group, page, and content—model-resource and application (or portlet) types

5

Role is a collection of permissions
Assign To: User, User Group, Organization, Community, Location

If a role is assigned to a user group, community, organization, or location, then all users who are members of that entity receive permissions of the role.

6

User: An individual who performs tasks using the portal.
Permission to perform tasks: Depending on the permissions that have been assigned via roles
Assign To: User Group, Organization, Community, Location

7

Groups
Type Of: Organization, Community, User Group

8

Organization represents the enterprise-department-location hierarchy

9

Managing Organization
• Organizations can contain other organizations as sub-organizations.

10

Organization

• An organization acting as a child organization of a top-level organization can also represent departments of a parent corporation.
• Both roles and users can be assigned to organizations (locations or sub-organizations).
• By default, locations and sub-organizations inherit permissions from their parent organization via roles.
• As a best practice, make each user belong to only one organization, so make sure your organizations don't overlap.

11

Community: a special group with a flat structure.
• A collection of users who have a common interest.
• Both roles and users can be assigned to a community.
• Users can self-register, with approval by the community owner.
[Diagram: Users, Assign To, community "Microbiology"]

12

Organization vs. Community

Feature                              Organization   Community
Ability to join and invite members   No             Yes
Hierarchical in nature               Yes            No
Public & Private Pages               Yes            Yes
Site Templates                       Yes            Yes

13

User Group: a special group with no context.
• Permissions can be assigned to user groups via roles too, so every user that belongs to that user group will receive the role-based permissions.
• Each user group can have public pages and private pages.
[Diagram: Users in user group "Manager"]

14

Location is a special organization which is associated with a parent organization
• Locations can't have any child organizations associated with them, so they are the leaves of organizations.
• Mostly distinguished by their geographic position.
• An organization may have any number of sub-organizations and locations, while a location must belong to one and only one organization.

15

Hierarchy

• Organizations and locations are the mechanisms to organize the users and websites, with the portal following a hierarchical structure.
• Each attached website can have a team and a dedicated workflow. That is the only way to have a hierarchical structure of websites.
• Organization represents the logical structure of the company or institution where the portal is going to be used.
• Organizations and locations form a hierarchical structure: regular organizations form the root and trunk, while locations form the leaves.

16

Benefit of Hierarchical Structure

1. Inherited permissions.
• Each user can be assigned to at most one organization or location, inheriting the permissions and associations of that organization.

2. Content sharing.
• Content could be scoped into page and group. Organizations and locations have their own content. Through a hierarchical structure, content in a parent organization could be shared in child organizations.
• E.g. content in "Palm Tree Enterprise" would be accessible in the department "Editorial Department". Furthermore, content in both "Palm Tree Enterprise" and "Editorial Department" would be accessible in the location "Editorial US".

17

Authentication Chain

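auto.login.hooks=\
    com.liferay.portal.security.auth.CASAutoLogin,\
    com.liferay.portal.security.auth.NtlmAutoLogin,\
    com.liferay.portal.security.auth.OpenIdAutoLogin,\
    com.liferay.portal.security.auth.OpenSSOAutoLogin,\
    com.liferay.portal.security.auth.RememberMeAutoLogin,\
    com.liferay.portal.security.auth.SiteMinderAutoLogin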

18

ROLE BASED ACCESS CONTROL

RBAC

19

Role: a collection of permissions.
• System Roles
• System Community Roles
• System Organization Roles
• Customized roles
These roles cannot be removed or renamed

20

Roles
• System Roles: Administrator, Guest, Power User, User.
• System Community Roles: Community Administrator, Community Member, Community Owner.
• System Org Roles: Organization Administrator, Organization Member, and Organization Owner
• Customized Roles: Built by user

21

Permission: an action on a resource

Two main features of permissions:
1. Permissions are fine-grained in the portal. For example, for a given page, permissions would be Add Discussion, Delete Discussion, Update, Update Discussion, Permissions, Delete, and View.
2. Permissions are always assigned through roles in the portal (RBAC).
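The rules on the preceding slides (a role carries permissions, a role assigned to a user group, community, organization or location reaches every member, and sub-organizations and locations inherit from their parent) can be modelled as a small access-review script that shows who holds a permission and through which path. This is an added example, not part of the original slides and not Liferay code; the role names, users, assignments and function names are constructed for illustration.

```python
# Constructed sample data modelling the slides' rules; not Liferay API calls or a portal export.
ROLE_PERMISSIONS = {  # role -> set of (resource, action)
    "Library Editor": {("Document Library Folder", "Update")},
    "Forum Moderator": {("Message Board Topic", "Delete")},
    "Page Manager": {("Welcome Page", "Permissions")},
}
ORG_PARENT = {"Editorial Department": "Palm Tree Enterprise",
              "Editorial US": "Editorial Department"}  # child -> parent organization
ROLE_ASSIGNMENTS = {  # user, user group, community or organization -> roles
    "Palm Tree Enterprise": {"Library Editor"},
    "Manager": {"Page Manager"},          # user group
    "Microbiology": {"Forum Moderator"},  # community
    "alice": {"Forum Moderator"},         # assigned directly to the user
}
MEMBERSHIPS = {  # user -> entities the user is a member of
    "alice": {"Editorial US"},
    "bob": {"Editorial Department", "Manager"},
    "carol": {"Microbiology"},
}

def grant_paths(user):
    """Return {role: [trail, ...]}; a trail is the chain of entities that delivers the role."""
    paths = {}
    def collect(entity, trail):
        for role in sorted(ROLE_ASSIGNMENTS.get(entity, ())):
            paths.setdefault(role, []).append(trail)
    collect(user, (user,))
    for entity in sorted(MEMBERSHIPS.get(user, ())):
        trail, node = (user, entity), entity
        collect(node, trail)
        # Walk up the hierarchy: children inherit the roles of parent organizations.
        while node in ORG_PARENT:
            node = ORG_PARENT[node]
            trail += (node,)
            collect(node, trail)
    return paths

def effective_permissions(user):
    return set().union(*(ROLE_PERMISSIONS[r] for r in grant_paths(user)))

def who_can(resource, action):
    """Audit view: {user: [trail, ...]} for everyone holding (resource, action)."""
    holders = {}
    for user in sorted(MEMBERSHIPS):
        for role, trails in grant_paths(user).items():
            if (resource, action) in ROLE_PERMISSIONS[role]:
                holders.setdefault(user, []).extend(trails)
    return holders
```

The trails make inherited grants visible in a review: a role placed on a top-level organization reaches every user in its sub-organizations and locations, even though no assignment appears on the user or on the location itself.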

22

Example: Welcome Page in the Guest Community

23

Permission in Scope
Portal-Group-Page-Content

Permissions can be managed across scope: across the portal, across a group (an organization or a location, or a community), across the page, and across the content.

24

Permission Actions on Portal General

25

Portlet Permissions

• Includes View, Configuration, and Access in Control Panel.
• Normally, all portlets have View and Configuration permissions.
• Only a few of them (Users, Roles, and User Groups) have the additional permission action Access in Control Panel.

26

Q&A Session

Question and Answer