12.1 Assigning Permissions Using Roles

Roles are groupings of users that share a particular function within the portal, according to a particular scope. You can grant roles permissions to various functions within portlet applications.

Roles are used to define permissions across their scope: across the portal, across an organization, or across a site. For example, consider a role which grants access to create a Service Management category. A portal role would grant that access across the portal, wherever there was a Service Management portlet.

Roles are scoped by:

  • Portal

  • Organization

  • Site

A site role grants access only within a single site. An organization role grants that access only within an organization. Because roles are used strictly for portal security, they do not have pages, unlike sites and organizations.
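The scoping rules above can be modeled in a few lines. This is an added illustration, not code from the product: the class names, the sample users, and the sample locations are all assumptions, and the permission is the "create a Service Management category" example used in this section.

```python
from dataclasses import dataclass
from typing import Optional

# Illustrative model only; none of these names come from the portal itself.
@dataclass(frozen=True)
class Role:
    name: str
    scope: str               # "portal", "organization" or "site"
    permissions: frozenset   # (portlet, action) pairs granted to the role

@dataclass(frozen=True)
class Assignment:
    user: str
    role: Role
    target: Optional[str] = None   # site/organization name; None for portal scope

# Constructed sample: places where a Service Management portlet is deployed.
LOCATIONS = [("site", "hr"), ("site", "it"), ("organization", "emea")]
CREATE_CATEGORY = ("Service Management", "create category")

def covers(a, location):
    """Does this assignment's scope reach the given (kind, name) location?"""
    kind, name = location
    if a.role.scope == "portal":
        return True                    # applies wherever the portlet appears
    # Site and organization roles reach exactly one site or organization;
    # an unrecognized scope matches nothing and is therefore denied.
    return a.role.scope == kind and a.target == name

def is_allowed(assignments, user, location, permission):
    return any(a.user == user and permission in a.role.permissions
               and covers(a, location) for a in assignments)

def reach(assignments, user, permission):
    """Every location where the user holds the permission (a review aid)."""
    return [loc for loc in LOCATIONS
            if is_allowed(assignments, user, loc, permission)]

perms = frozenset({CREATE_CATEGORY})
ASSIGNMENTS = [  # constructed sample assignments
    Assignment("alice", Role("Category Manager (portal)", "portal", perms)),
    Assignment("bob", Role("Category Manager (site)", "site", perms), "hr"),
    Assignment("carol", Role("Category Manager (org)", "organization", perms), "emea"),
]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, reach(ASSIGNMENTS, user, CREATE_CATEGORY))
```

Listing the reach of each assignment makes it easy to see when a portal role has been used where a site or organization role would have been sufficient.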

Administrators can define roles through the Control Panel. Roles are assigned permissions and then are assigned users or user groups. Users, user groups, sites, or organizations can be members of a role.

In the Dashboard, there are two types of roles that you are likely to require:

  • Roles related to portal administration. For example, these roles might have rights to create new sites and maintain their pages.

  • Roles that allow users to perform specific tasks within or for a site.

NOTE: While the following sections cover setting and assigning permissions for a site, these same features and steps apply for organizations.

The following sections cover roles and assigning permissions to them:

12.1.1 Site Roles

When you create a site or organization, three default roles are created:

  • Administrator: a super user of the site who can assign site roles to users.

  • Owner: a super user of the site who can assign site roles to users.

  • Member: default role assigned to all users who belong to the site or organization.

For information about assigning site users to these default roles, see Assigning Site Roles.

You might also want to create additional roles that grant specific administrative capabilities for the site or allow access to perform an action within the site. For example, you can create a role that can assign users, or a “Journal” role that is in charge of updating journal entries.

Setting up site roles is a three-step process:

Creating Site Roles

Site roles allow you to define permissions for specific functionality that you want to grant to a subset of site members.

To create a site role:

  1. In the Control Panel, click Users > Roles.

  2. Click Add and select Site Role.

  3. Provide a name and description for the role, and then click Save.

    Continue to Granting Portlet Permissions.

Granting Portlet Permissions

After you define a role, the next step is to define portlet permissions for the role.

To grant portlet permissions to a role:

  1. In the Control Panel, click Users > Roles.

  2. Click Actions next to the desired role and select Define Permissions.

    A list of portlets is displayed, along with the permissions associated with that role for each portlet.

  3. Click the desired portlet to define permissions for that portlet type.

  4. Select the desired permissions, and then click Save.

    Continue to Assigning Site Roles.

Assigning Site Roles

At a minimum, assign the Administrator and Owner roles to at least one site member. After you define more specialized site roles, you can assign users to them.

For information about assigning default roles to users, see Section 4.4.1, Default Associations for User Accounts.

To assign site users to a role:

  1. In the Control Panel, click Users > Roles.

  2. Click Actions next to the desired role and then select Assign Members.

  3. On the Users tab, click Available.

  4. Select the users to assign to the role, and then click Update Associations.

12.1.2 Portal Administration Roles

Portal-wide roles are related to portal administration. For example, these roles might have rights to create new sites and maintain their pages.

By default, there are four portal-wide roles:

  • Administrator: has administrative privileges.

  • Power User: is assigned to all users by default. You can give this role certain permissions or disable it altogether.

    If you remove the Power User role from the default user associations, you will need to modify the permissions on certain portlets.

  • User: is the most basic user.

  • Guest: includes all unauthenticated users.

You can assign permissions for portal-wide activities, which fall into several categories, such as Site, Location, Organization, and Password Policy. This allows you to create a role that, for example, can create new sites in the portal, so that you can grant users that particular permission without making them overall portal administrators.

NOTE: Portal permissions can only be assigned to roles of Regular type.

For information about assigning default roles to users, see Section 4.4.1, Default Associations for User Accounts.

To create a portal administration role:

  1. In the Control Panel, click Users > Roles.

  2. Click Add, and then select Regular Role.

  3. Specify a name and description for the role, and then click Save.

  4. To define permissions for the role, do the following:

    1. On the Roles page, click Actions next to the role and select Define Permissions.

    2. Click Applications, and then click the portal for which you want to grant permissions.

    3. Select the permissions you want to grant to the role.

    4. To limit the sites for which the role has a permission, click Change, and then click Choose for each site for which you want to grant the permission.

    5. Click Save.

  5. To assign members to the role, do the following:

    1. On the Roles page, click Actions next to the role, and then select Assign Members.

    2. Click Users, User Groups, Communities, or Organizations.

    3. Click Available.

    4. Select the desired members to assign to the role, and then click Update Associations.

12.1.3 Granting Role Permissions for Other Roles

For all roles, you can give permissions to other roles for the maintenance of that role.

To grant role permissions for other roles:

  1. In the Control Panel, click Users > Roles.

  2. Click Actions next to a role of type Site or Organization, and then select Permissions.

  3. Select the other role permissions to grant to the members of the selected role, and then click Save.