Versions Compared

Old Version 1

changes.mady.by.user Olivier Grenet

Saved on

compared with

New Version 2

changes.mady.by.user Guillaume LEPICARD

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

It is highly recommended for integrators to read and understand Setting Up Permissions and Roles to understand the concepts behind permissions management, and examples on how to extend the default behaviour with specific needs not covered.

Info

2023.3 changes

Prior to 2023.3, when a role was created from a role template, all permissions inherited were created in the pkgsecugroup table.

As of 2023.3, only differences between the role and the role template are stored.

Understanding the big picture

...

Role templates

A role template defines:

  1. A set of permissions that a role will inherit by extending the role template.

  2. A mechanism to ensure some default permissions (or lack of permissions) cannot be overridden for a role.

  3. Default available digital assets renditions for roles.

  4. Default BackOffice menu for a role.

Roles

Roles created out of a role template cannot change the template they are extending.

...

You will still need to initialize default security permissions by calling the /api/packaged/admin/security/update service. This service has been updated to consider 2 cases:

  1. The plugin parameter enable_role_type_management is set to false (plugin parameter's default value) → behaviour is unchanged: Roles are granted permissions out of embed permissions templates

  2. The plugin parameter enable_role_type_management is set to true (delivered default plugin configuration) → Default provided roles are patched to extend default provided role templates. Permissions are initialized for roles out of role templates.

As an integrator, you can choose to stick to product provided role templates, or to duplicate them and handle them from a project perspective.

...