Roles

Roles define sets of privileges (aka what), which can be granted to users, groups or a userrole (aka who), in security domains (aka where).

Role configuration

Roles are stored in the repository under the path /hippo:configuration/hippo:roles, where the name of the role node defines the role name.

The role privileges are stored in the hipposys:privileges property. Roles can also include or imply other roles through the multi-value property hipposys:roles.

The roles themselves are used and referenced by the authroles of security domains.

Node type definitions

hipposys:role

[hipposys:role] > nt:base
- hipposys:system (boolean)
- hipposys:privileges (string) multiple
- hipposys:roles (string) multiple
- hipposys:description (string)
- hipposys:jcrread (boolean) // not used
- hipposys:jcrwrite (boolean) // not used
- hipposys:jcrremove (boolean) // not used

| Name | Type | Required | Description |
|---|---|---|---|
| node name | String | yes | The name of the role |
| hipposys:system | boolean | no | Indicator if the role is protected and not allowed to be modified or deleted |
| hipposys:privileges | String | no | The custom or JCR standard privileges to be granted through this role. All standard provided roles are marked and protected as system roles. |
| hipposys:roles | String | no | Other roles implied by this role |
| hipposys:description | String | no | A description of the role |

hipposys:rolefolder

[hipposys:rolefolder] > nt:base
+ * (hipposys:role) = hipposys:role

Example role configuration

/hippo:configuration:
  /hippo:roles:
    /author:
      jcr:primaryType: hipposys:role
      hipposys:privileges: [ jcr:read, hippo:author ]
    /editor:
      jcr:primaryType: hipposys:role
      hipposys:privileges: [ hippo:editor ]
      hipposys:roles: [ author ]
    /myrole:
      jcr:primaryType: hipposys:role
      hipposys:privileges: [ hippo:rest ]
      hipposys:roles: [ editor ]
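
Because hipposys:roles lets one role imply another, the privileges a role actually carries can be larger than its own hipposys:privileges list. The following is an added audit example, not code from the product: it resolves the effective privileges of each role in the configuration above. The ROLES dictionary, the function names and the assumption that implication is transitive are illustrative.

```python
# Added example: audit helper, not product code.
# ROLES mirrors the example configuration above (role name -> properties).
ROLES = {
    "author": {"privileges": ["jcr:read", "hippo:author"], "roles": []},
    "editor": {"privileges": ["hippo:editor"], "roles": ["author"]},
    "myrole": {"privileges": ["hippo:rest"], "roles": ["editor"]},
}


def effective_privileges(roles, name):
    """Return (privileges, problems) for `name`, following hipposys:roles.

    Assumption: implication is transitive. Cycles and references to
    undefined roles are reported instead of raising or looping forever.
    """
    privileges, problems = set(), []
    visited = set()
    stack = [(name, (name,))]  # (role, path of roles taken to reach it)
    while stack:
        role, path = stack.pop()
        if role not in roles:
            problems.append("undefined role: " + " -> ".join(path))
            continue
        if role in visited:
            continue  # already merged via another path (diamond)
        visited.add(role)
        privileges.update(roles[role].get("privileges", []))
        for implied in roles[role].get("roles", []):
            if implied in path:
                problems.append("cycle: " + " -> ".join(path + (implied,)))
            else:
                stack.append((implied, path + (implied,)))
    return privileges, problems


def roles_granting(roles, privilege):
    """List every role that holds `privilege`, directly or through implication."""
    return sorted(r for r in roles if privilege in effective_privileges(roles, r)[0])


if __name__ == "__main__":
    for role in sorted(ROLES):
        privs, problems = effective_privileges(ROLES, role)
        print(role, sorted(privs), problems)
```

Under that assumption, myrole lists only hippo:rest but resolves to hippo:rest, hippo:editor, hippo:author and jcr:read, which is the set to review before referencing the role from a security domain.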

Default provided roles and privileges

| Role | Privileges | Implied roles |
|---|---|---|
| author | jcr:read, hippo:author | |
| editor | hippo:editor | author |
| admin | jcr:all, hippo:admin | editor |
| readonly | jcr:read | |
| readwrite | jcr:read, jcr:write | |
| modify | jcr:read, jcr:modifyProperties, jcr:addChildNodes, jcr:removeChildNodes | |
| channel-viewer | hippo:channel-viewer | |
| channel-webmaster | hippo:channel-webmaster | readwrite, channel-viewer |
| channel-admin | hippo:channel-admin | channel-webmaster |
| project-viewer | hippo:project-viewer | readonly |
| project-editor | hippo:project-editor | readwrite, project-viewer |
| project-admin | hippo:project-admin | project-editor |
| targeting-viewer | hippo:targeting-viewer | |
| targeting-editor | hippo:targeting-editor | readwrite, targeting-viewer |
| index-export | index:export | |
| restuser | hippo:rest | |
