Permission settings define what users can or cannot do with various portal objects, such as Sites, Pages and Portlets. There are four kinds of permissions available:
Access Permissions
Edit Permissions
Move Apps Permissions
Move Containers Permissions
These permissions can be set through both UI (see Manage Permissions section of User Guide) or Portal API.
Access Permissions allow users to view the given portal object in the UI. This permission can be granted to multiple user groups.
Edit Permissions allow users to change properties of the given portal object. This includes e.g. changing the title or name of a page, selecting default skin or locale for a site, change the visual layout of the given portal object in Page or Site Composer, etc. Note that ability to set the permissions covered in this section is also a result of having the Edit permission on a given object. E.g. if Edit Permission of a page is set to /organization/management/executive-board then the members of Executive board can change i.a. Access and Edit permission of the given page. Edit Permissions can be granted to only one group at a time.
Since GateIn Portal 3.7, it is possible to control which users are allowed to manipulate with child objects of a Site, Page or Container when editing the given object in the respective editor (see Manage Pages).
Note that the meaning of Container here is
A box in the user interface responsibile for rendering its children in some specific way, such as in rows, in columns, in tabs, etc.
There are separate permissions for two kinds of child objects: Applications (portlets or gadgets) and Containers.
Users granted Move Apps Permissions on a Site, Page or Container will be able to perform the following operations with child Applications of the given Site, Page or Container in Page or Site editors:
Add an Application as a child to the given Site, Page, or Container
Reorder child Applications of the given Site, Page, or Container
Remove a child Application from the given Site, Page, or Container
Users granted Move Containers Permissions on a Site, Page or Container will be able to perform the following operations with child Containers of the given Site, Page or Container in Page or Site editors:
Add a Container as a child to the given Site, Page, or Container
Reorder child Containers of the given Site, Page, or Container
Remove a child Container from the given Site, Page, or Container
A typical use for these permissions is when a portal owner wants to minimize the risk that users that can add Applications will break the overall layout of pages they create or change. For that purpose, he can prepare a page template with containers he prefers and than restrict the permissions in the following way:
Set Move Containers Permissions on the Page and all Containers present in the page to e.g. group /organization/marketing/content-strategy (and nothing else).
Set Move Apps Permissions on the Page and all Containers present in to page to Nobody.
Then go through locations in the Container hierarchy designated for adding applications and set Move Apps Permissions to e.g. /organization/marketing/content
With this setup, the members of /organization/marketing/content will be able to create only pages with the predefined layout and they will be allowed to add Applications only to the locations designated by the template creator.