...
It is highly recommended for integrators to read and understand Setting Up Permissions and Roles to understand the concepts behind permissions management, and examples on how to extend the default behaviour with specific needs not covered.
Info |
---|
2023.3 changes Prior to 2023.3, when a role was created from a role template, all permissions inherited were created in the As of 2023.3, only differences between the role and the role template are stored. |
Understanding the big picture
...
Role templates
A role template defines:
A set of permissions that a role will inherit by extending the role template.
A mechanism to ensure some default permissions (or lack of permissions) cannot be overridden for a role.
Default available digital assets renditions for roles.
Default BackOffice menu for a role.
Roles
Roles created out of a role template cannot change the template they are extending.
...
You will still need to initialize default security permissions by calling the /api/packaged/admin/security/update
service. This service has been updated to consider 2 cases:
The plugin parameter
enable_role_type_management
is set tofalse
(plugin parameter's default value) → behaviour is unchanged: Roles are granted permissions out of embed permissions templatesThe plugin parameter
enable_role_type_management
is set totrue
(delivered default plugin configuration) → Default provided roles are patched to extend default provided role templates. Permissions are initialized for roles out of role templates.
As an integrator, you can choose to stick to product provided role templates, or to duplicate them and handle them from a project perspective.
...