Default access alias definitions

Below is a table that defines the access aliases provided by default with the TCM application. These are defined in the Collaboration Access Alias Definitions.xml file.

access alias typical role description Rights Granted/Included
sysadmin-rights SYSADMIN FULL_CONTROL rights, can delete and modify security, take ownership.

admin-rights
security-rights

admin-rights Teamspace ADMIN

Create and delete rights, cannot modify security or take ownership.

author-rights
delete-rights

author-rights Teamspace MEMBER Create rights.

modify-contents-rights
file-in-folder-rights
create-subfolder-rights

guest-rights Teamspace GUEST View rights. view-rights
view-properties-rights

modify-contents-rights

  Includes rights to view and modify content and properties.

modify-properties-rights
PERMISSION_RIGHT_VIEW_CONTENT
PERMISSION_RIGHT_CREATE_INSTANCE
PERMISSION_RIGHT_MAJOR_VERSION_DOCUMENT
PERMISSION_RIGHT_MINOR_VERSION_DOCUMENT

modify-properties-rights

  Rights to read and update properties.

view-properties-rights
PERMISSION_RIGHT_WRITE PERMISSION_RIGHT_CHANGE_STATE

view-rights   Rights to view properties and content.

PERMISSION_RIGHT_VIEW_CONTENT
view-properties-rights

view-delete-rights   View and delete rights.

view-rights
delete-rights

view-properties-rights   Rights to view properties and permissions.

PERMISSION_RIGHT_READ
PERMISSION_RIGHT_READ_ACL

delete-rights   Rights to delete. PERMISSION_RIGHT_DELETE
publish-rights   Rights to publish. PERMISSION_RIGHT_PUBLISH
deploy-rights   Rights to deploy. PERMISSION_RIGHT_DEPLOY
file-in-folder-rights   Rights to file and unfile to folders.

PERMISSION_RIGHT_UNLINK
PERMISSION_RIGHT_LINK

create-subfolder-rights   Rights to create sub-folders. PERMISSION_RIGHT_CREATE_CHILD
archive-rights   Rights to archive objects to a WCM archive database. PERMISSION_RIGHT_ARCHIVE
security-rights   Rights to modify security and take ownership.

PERMISSION_RIGHT_WRITE_ACL
PERMISSION_RIGHT_WRITE_OWNER

See also Example Collaboration Access Alias Definitions.xml file. This file is located in the Collaboration Store folder, under the Root Folder for the object store. To edit the file, you must check it out from the content engine.

If you want to add permissions to one or more of the roles, you can include another access alias within the definition of the access alias (by editing the Collaboration Access Alias Definitions.xml file). As an example, if you wanted to add security rights to some objects for the Teamspace Administrator role, you could do the following:

  1. Within the Collaboration Access Alias Definitions.xml file, create a new access alias definition called admin-sec-rights. Do this by editing a copy of the definition for admin-rights to look like this:

    <accessalias>
    <symname>admin-sec-rights</symname>
    <include>author-rights</include>
    <include>delete-rights</include>
    <include>security-rights</include>
    </accessalias>

  2. The Teamspace Administrator Role.xml file provides a list of teamspace objects and an access alias for each. Change the existing access alias (admin-right or author-right, by default) to admin-sec-right to add the new security rights to that object for all Teamspace Administrators. For example, to modify the rights granted for discussions, you would change the section that looks like this:

    <objsymname>discussions</objsymname>
    <accessalias>author-rights</accessalias>
    </objsecuritydef>


    To look like this:

    <objsymname>discussions</objsymname>
    <accessalias>admin-sec-rights</accessalias>
    </objsecuritydef>

  3. Check in the modified Teamspace Administrator Role.xml file using the Collaboration Security Role Definition document class. You must use this document class to ensure that the new role is recognized by the application. (The software determines roles are available by querying the object store for all files with the Collaboration Security Role Definition document class. The matching files are added to the Collaboration Store.)