Roles

Roles define sets of privileges (the what), which can be granted to users, groups or userroles (the who) in security domains (the where).

Role configuration

Roles are stored in the repository under the path /hippo:configuration/hippo:roles, where the name of the role node defines the role name.

The role privileges are stored in the hipposys:privileges property. Roles can also include or imply other roles through the multi-value property hipposys:roles.

The roles themselves are used and referenced by security domain authroles.

Node type definitions

hipposys:role

[hipposys:role] > nt:base
- hipposys:system (boolean)
- hipposys:privileges (string) multiple
- hipposys:roles (string) multiple
- hipposys:description (string)
- hipposys:jcrread (boolean) // not used
- hipposys:jcrwrite (boolean) // not used
- hipposys:jcrremove (boolean) // not used

| Name | Type | Required | Description |
|---|---|---|---|
| node name | String | yes | The name of the role |
| hipposys:system | boolean | no | Indicator if the role is protected and not allowed to be modified or deleted |
| hipposys:privileges | String | no | The custom or JCR standard privileges to be granted through this role. All standard provided roles are marked and protected as system roles. |
| hipposys:roles | String | no | Other roles implied by this role |
| hipposys:description | String | no | A description of the role |

hipposys:rolefolder

[hipposys:rolefolder] > nt:base
+ * (hipposys:role) = hipposys:role

Example role configuration

/hippo:configuration:
  /hippo:roles:
    /author:
      jcr:primaryType: hipposys:role
      hipposys:privileges: [ jcr:read, hippo:author ]
    /editor:
      jcr:primaryType: hipposys:role
      hipposys:privileges: [ hippo:editor ]
      hipposys:roles: [ author ]
    /myrole:
      jcr:primaryType: hipposys:role
      hipposys:privileges: [ hippo:rest ]
      hipposys:roles: [ editor ]
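
Because hipposys:roles lets one role imply another, the privileges a role actually grants can be wider than its own hipposys:privileges list. The following added example (not part of the original documentation or the product's code) resolves the effective privileges for the three example roles above. It assumes implied roles are followed transitively, and it treats dangling or cyclic references as configuration errors, which is a choice of this example. JCR aggregate privileges are not expanded.

```python
# Added example: resolve the effective privileges of the roles shown above.
# Assumption: implied roles (hipposys:roles) are followed transitively.

# Role data copied from the example configuration on this page.
ROLES = {
    "author": {"privileges": ["jcr:read", "hippo:author"], "roles": []},
    "editor": {"privileges": ["hippo:editor"], "roles": ["author"]},
    "myrole": {"privileges": ["hippo:rest"], "roles": ["editor"]},
}


class RoleConfigError(ValueError):
    """Raised for a dangling or cyclic hipposys:roles reference."""


def effective_privileges(roles, name, _path=()):
    """Return the set of privileges granted by `name`, including implied roles."""
    if name in _path:
        cycle = " -> ".join(_path + (name,))
        raise RoleConfigError(f"cyclic role implication: {cycle}")
    if name not in roles:
        raise RoleConfigError(f"role {name!r} is referenced but not defined")
    role = roles[name]
    granted = set(role.get("privileges", []))
    for implied in role.get("roles", []):
        granted |= effective_privileges(roles, implied, _path + (name,))
    return granted


def roles_granting(roles, privilege):
    """List every role that grants `privilege` directly or via implication."""
    return sorted(r for r in roles if privilege in effective_privileges(roles, r))


def audit(roles):
    """Map each role to its sorted effective privileges, or to the config error."""
    report = {}
    for name in sorted(roles):
        try:
            report[name] = sorted(effective_privileges(roles, name))
        except RoleConfigError as exc:
            report[name] = f"ERROR: {exc}"
    return report


if __name__ == "__main__":
    for role, privs in audit(ROLES).items():
        print(f"{role}: {privs}")
    print("roles granting jcr:read:", roles_granting(ROLES, "jcr:read"))
```

Running the audit before granting a role in a security domain shows, for instance, that myrole carries jcr:read and the author and editor privileges in addition to hippo:rest.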

Default provided roles and privileges

| Role | Privileges | Implied roles |
|---|---|---|
| author | jcr:read, hippo:author | |
| editor | hippo:editor | author |
| admin | jcr:all, hippo:admin | editor |
| readonly | jcr:read | |
| readwrite | jcr:read, jcr:write | |
| modify | jcr:read, jcr:modifyProperties, jcr:addChildNodes, jcr:removeChildNodes | |
| channel-viewer | hippo:channel-viewer | |
| channel-webmaster | hippo:channel-webmaster | readwrite, channel-viewer |
| channel-admin | hippo:channel-admin | channel-webmaster |
| project-viewer | hippo:project-viewer | readonly |
| project-editor | hippo:project-editor | readwrite, project-viewer |
| project-admin | hippo:project-admin | project-editor |
| targeting-viewer | hippo:targeting-viewer | |
| targeting-editor | hippo:targeting-editor | readwrite, targeting-viewer |
| index-export | index:export | |
| restuser | hippo:rest | |
