Access roles preferences

The Access roles site preference allows you to create access roles and manage the membership of each access role. Access roles hide actions, pages and applets from standard pages within the application. However, access roles do not secure content engine objects or prevent users from calling these actions, pages and applets if provided by another application, API, or through a custom-built URL calling Workplace XT actions, pages or applets directly. Access roles are not a substitute for file or folder level security.

Default access roles

Default access roles control access to administrative functions and to specific workflow-related tools. Default access roles are created when the application is installed. You can rename the default access roles, and add or remove members. You cannot delete a default access role.

Each default access role controls access to a specific feature or tool. In addition, you can assign the default access roles to other views and actions.

Custom access roles

You can create custom access roles or use the default access roles to determine which users can access specific features and commands within Workplace. You can use access roles with the Multi-select Actions preference, Author Page preferences, My Workplace preferences, Primary Views preferences, and Actions preferences. If a user is not a member of the assigned access role, the user cannot access the feature. If a user is a member of a specific access role, you can allow or deny the member access to the associated feature.

Resolving access role control

Users can be members of more than one access role, sometimes with conflicting rights. Also, in some situations, you might need to grant additional membership to a user to ensure that the user has full access to all intended features and actions. Keep the following points in mind when assigning access role memberships, access to primary views, and access to actions.

Changing access role membership

Access role membership information is cached during a client session, but changes to access role assignments are immediate. If you change the access roles assigned for a primary view or access roles assigned to an action, those changes take effect immediately for users who are logged in. However, if you add or remove a user from an access role while that user is currently logged in, the changes take effect the next time the user logs in.

The user who creates the access role always has access to the access role, even if the user name is removed from the role. The user retains owner access to the custom objects that represent the access role in the object store. To fully remove the user account from the access role, an object store administrator must use Enterprise Manager to change the owner of the custom objects that represent the access role.

To add members to an access role

  1. Click Add new members below the name of the desired access role. The Select Users/Groups page opens.
  2. Select either User or Groups to display the appropriate list.
  3. Type one or more characters for the beginning of the user or group names to search for. For example, to locate groups named ProjectLeads and ProgramManagers, type "p". All group names beginning with "p" are returned. You can narrow the search by entering more characters. For example, "proj" would return ProjectLeads, but not ProgramManagers.
  4. Click Search. After a brief delay, the matching names are displayed.
  5. Click Accept. The site preferences page opens again, with the new user or group name listed for the access role under Allowed Access.
  6. If needed, click Deny Access next to the user or group name to deny access to a specific user or group.
  7. Save your changes.

To remove a user or group from an access role

Click Remove next to the access role's user or group name that you want to remove, then save your changes.

To change access from allow to deny

Click Deny access next to the access role's user or group name that you want to change, then save your changes.

To add a new access role

  1. Click Add Role to open the Add Access Role page.
  2. Enter an Access role name .
  3. Optionally, enter a description in Access role description.
  4. Click Accept. The Site Preferences page opens.
  5. Add members to the new access role and save your changes.

To remove a user-defined access role

Click Delete Role below the access role name you want to remove, then save your changes.

To rename an access role

  1. Click Rename Role below the desired access role.
  2. Edit the Access role name.
  3. If applicable, edit the description.
  4. Accept and save your changes.