The default permission configuration for the portal is defined through the org.exoplatform.portal.config.UserACL component configuration in the portal.war:/WEB-INF/conf/portal/portal-configuration.xml file.
It defines 9 permission types:
- super.user
  The super-user (root) has all the rights on the platform.
- portal.administrator.groups
  Any member of those groups is considered an administrator. The default value is /platform/administrators.
- portal.administrator.mstype
  Any user with that membership type is considered an administrator of the associated group. The default value is manager.
- portal.creator.groups
  This list defines all groups that are able to manage the different portals. Members of these groups also have the permission to create new portals. The format is membership:/group/subgroup.
- user.impersonate.groups
  This list defines all groups that are able to impersonate other users. The format is membership:/group/subgroup.
- navigation.creator.membership.type
  Defines the membership type of group managers. Group managers have the permission to create and edit group pages, and they can modify the group navigation.
- guests.group
  Any anonymous user automatically becomes a member of this group when they enter the public pages.
- mandatory.groups
  Groups that cannot be deleted.
- mandatory.mstypes
  Membership types that cannot be deleted.
<component>
  <key>org.exoplatform.portal.config.UserACL</key>
  <type>org.exoplatform.portal.config.UserACL</type>
  <init-params>
    <value-param>
      <name>super.user</name>
      <description>administrator</description>
      <value>root</value>
    </value-param>
    <value-param>
      <name>portal.creator.groups</name>
      <description>groups with membership type have permission to manage portal</description>
      <value>*:/platform/administrators,*:/organization/management/executive-board</value>
    </value-param>
    <value-param>
      <name>navigation.creator.membership.type</name>
      <description>specific membership type have full permission with group navigation</description>
      <value>manager</value>
    </value-param>
    <value-param>
      <name>guests.group</name>
      <description>guests group</description>
      <value>/platform/guests</value>
    </value-param>
    <value-param>
      <name>access.control.workspace</name>
      <description>groups with memberships that have the right to access the User Control Workspace</description>
      <value>*:/platform/administrators,*:/organization/management/executive-board</value>
    </value-param>
  </init-params>
</component>
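The following audit sketch is an added example, not code from the portal or its documentation. It parses the membership:/group expressions from a UserACL snippet like the one above, lists grants where any membership type in the group is sufficient, and checks a user's memberships against a parameter. Assumptions: `*` stands for any membership type, groups are compared by exact path, the XML carries no namespace (as in the snippet above), and the function names and the sample user.impersonate.groups value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: portal.creator.groups and guests.group mirror the page's
# snippet; the user.impersonate.groups value is made up for this example.
SAMPLE = """<component>
  <key>org.exoplatform.portal.config.UserACL</key>
  <init-params>
    <value-param><name>portal.creator.groups</name>
      <value>*:/platform/administrators,*:/organization/management/executive-board</value></value-param>
    <value-param><name>user.impersonate.groups</name>
      <value>manager:/platform/administrators</value></value-param>
    <value-param><name>guests.group</name>
      <value>/platform/guests</value></value-param>
  </init-params>
</component>"""

# Parameters whose value is a comma-separated list of membership:/group entries.
EXPRESSION_PARAMS = {"portal.creator.groups", "user.impersonate.groups"}

def parse_expressions(xml_text):
    """Return {parameter: [(membership_type, group), ...]} for expression parameters."""
    grants = {}
    for vp in ET.fromstring(xml_text).iter("value-param"):
        name = (vp.findtext("name") or "").strip()
        if name not in EXPRESSION_PARAMS:
            continue
        entries = []
        for expr in (vp.findtext("value") or "").split(","):
            if not expr.strip():
                continue  # tolerate empty values and trailing commas
            mstype, sep, group = expr.strip().partition(":")
            if not sep or not group.startswith("/"):
                raise ValueError(f"{name}: malformed expression {expr!r}")
            entries.append((mstype.strip(), group))
        grants[name] = entries
    return grants

def is_granted(entries, memberships):
    """memberships: set of (membership_type, group) pairs held by one user."""
    held_groups = {g for _, g in memberships}
    return any((m, g) in memberships or (m == "*" and g in held_groups)
               for m, g in entries)

def wildcard_grants(grants):
    """(parameter, group) pairs where any membership type in the group suffices."""
    return [(p, g) for p, entries in grants.items() for m, g in entries if m == "*"]
```

Reviewing the output of `wildcard_grants` for user.impersonate.groups and portal.creator.groups shows which groups grant these rights to every member rather than to a specific membership type.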
Overwrite Portal Default Permissions
When creating custom portals and portal extensions, you can override the default configuration by using org.exoplatform.portal.config.PortalACLPlugin, configured as an external component plug-in of the org.exoplatform.portal.config.UserACL service:
<external-component-plugins>
  <target-component>org.exoplatform.portal.config.UserACL</target-component>
  <component-plugin>
    <name>addPortalACLPlugin</name>
    <set-method>addPortalACLPlugin</set-method>
    <type>org.exoplatform.portal.config.PortalACLPlugin</type>
    <description>setting some permission for portal</description>
    <init-params>
      <values-param>
        <name>access.control.workspace.roles</name>
        <value>*:/platform/administrators</value>
        <value>*:/organization/management/executive-board</value>
      </values-param>
      <values-param>
        <name>portal.creation.roles</name>
        <value>*:/platform/administrators</value>
        <value>*:/organization/management/executive-board</value>
      </values-param>
    </init-params>
  </component-plugin>
</external-component-plugins>