Default Security Domains
Automatic export configuration.
Nodes and node types that every user can read. For example, each CMS user can read the documents created by themselves (matched by username).
Nodes and node types that every CMS user can write. For example, each CMS user can write to the documents they created themselves (matched by username), and write to their own user account details (also matched by username).
All nodes in the content repository. For example admin users have full access to all nodes.
Form data stored in the repository (typically under /formdata). The delivery tier must have write access to this domain.
CMS user interface configuration.
All image sets.
All nodes in the repository event log (typically stored under /hippo:log).
All module configuration nodes (typically stored under /hippo:configuration/hippo:modules).
All workflow requests (e.g. request for publication, request for deletion). Authorization within this domain determines what a user can do with the request, e.g. editor can approve or reject, while authors can only cancel a request.
The delivery tier configuration (typically stored under /hst:hst). In addition to the delivery tier being able to read the configuration, webmaster-level users must have write access to be able to make changes in the channel manager.
Rich text fields HTML cleaner configuration.
All documents that are published. Used to display content in live channels.
All documents that are not published, and documents with unpublished changes. Used to preview unpublished content in the channel manager.
Document type definitions including editing templates (typically stored under /hippo:namespaces).
Document version histories.