Introducing CXT / Permissions and Roles / Best practice

Defining editorial permissions (best practice)

Table of contents

This chapter gives possible configurations of editorial permissions to project contents in the CXT environment. Possible responsibilities in the project are mapped to groups. Example permissions for specific objects are then assigned to these groups.

Additional documentation on this topic:

Important The groups and configurations shown are used, for example, for documentation. In the specific project there could be other responsibilities, group names and permission definitions.

Mapping responsibilities

Depending on their tasks and responsibilities, a person can be assigned to one or more groups (see Adding users to groups).

Recommendation on the Everyone group

Note: The permissions defined in a node for the “Everyone” group are added to the permissions that are individually defined for a user for that node. This means that a user cannot have fewer permissions on any node than the “Everyone” group.

Important Recommendation: So that only the permissions defined individually for the user are valid, all permissions for the “Everyone” group should be removed (“No permissions”).

Assigning editorial permissions

Recommendation: The permissions configuration and thus the access to contents should have as high a granularity as possible. Important actions and comprehensive access should be reserved for only a few users. For each user and each role, there should be a detailed specification of what and what is not permitted to be in the project.

Viewing fragments and variants

Group: cxt_view

Action: Users of this role are permitted to view fragments and variants

Configuration in the project:

The following permissions are set to the corresponding elements (root nodes, folders) of the Page Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • ON: Permission “View metadata”
  • OFF: All other permissions

The following permissions are set on the “page templates” of the Template Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • OFF: All other permissions

Editing fragments and variants

Group: cxt_edit

Action: Users of this role are permitted to edit fragments and variant contents (but not create them).

Configuration in the project: The following permissions are set on the corresponding elements (root nodes, folders) of the Page Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • ON: Permission “Change”
  • ON: Permission “View metadata”
  • ON: Permission “Change metadata”
  • OFF: All other permissions

The following permissions are set on the “page templates” of the Template Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • OFF: All other permissions

Creating and editing variants

Group: cxt_create_variant

Action: Users of this role are permitted to create and edit new variants.

Configuration in the project: The following permissions are set on the corresponding elements (root nodes, folders) of the Page Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • ON: Permission “Change”
  • ON: Permission “Create object”
  • ON: Permission “View metadata”
  • ON: Permission “Change metadata”
  • OFF: All other permissions

The following permissions are set on the “page templates” of the Template Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • OFF: All other permissions

Creating and editing fragments

Group: cxt_create_fragment

Action: Users of this role are permitted to create and edit new variants.

Configuration in the project: The following permissions are set on the corresponding elements (root nodes, folders) of the Page Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • ON: Permission “Change”
  • ON: Permission “Create object”
  • ON: Permission “Create folder”
  • ON: Permission “View metadata”
  • ON: Permission “Change metadata”
  • OFF: All other permissions

The following permissions are set on the “page templates” of the Template Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • OFF: All other permissions

Assigning advanced editorial permissions

The following groups should also be assigned permissions for project administration and configuration in SiteArchitect.

Viewing data storage (SiteArchitect)

Group: fs_view_data

Action: Users of this role are permitted to view fragments and variants

Configuration in the project:

The following permissions are set to the corresponding elements (root nodes, folders) of the Page Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • ON: Permission “View metadata”
  • OFF: All other permissions

Where applicable, permissions to the corresponding elements (root nodes, folders) of the Site Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • ON: Permission “View metadata”
  • OFF: All other permissions

The following permissions are set on the root node of the Template Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • ON: Permission “View metadata”
  • OFF: All other permissions

Maintaining the data storage (SiteArchitect)

Group: fs_manage_data

Action: Users of this role have the permissions of project administrators to rectify data or states containing errors in the project (e.g. resolving failed releases).

Configuration in the project:
The following permissions are set on the corresponding elements (root nodes, folders) of the Page Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • ON: Permission “Change”
  • ON: Permission “Create object”
  • ON: Permission “Create folder”
  • ON: Permission “Remove object”
  • ON: Permission “Remove folder”
  • ON: Permission “Release”
  • ON: Permission “View metadata”
  • ON: Permission “Change metadata”
  • ON: Permission “Change permissions”

The following permissions to switch the “request_release” workflow are set on the corresponding elements (root nodes, folders) of the Page Store:

  • Authorized: Permission to switch the “Request release” workflow (“Permitted”)
  • Authorized to switch all transitions of the workflow

The following permissions to switch the “request_deletion” workflow are set on the corresponding elements (root nodes, folders) of the Page Store:

  • Authorized: Permission to switch the “Request deletion” workflow (“Permitted”)
  • Authorized to switch all transitions of the workflow

Where applicable, permissions to the corresponding elements (root nodes, folders) of the Site Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • ON: Permission “Change”
  • ON: Permission “Create object”
  • ON: Permission “Create folder”
  • ON: Permission “Remove object”
  • ON: Permission “Remove folder”
  • ON: Permission “Release”
  • ON: Permission “View metadata”
  • ON: Permission “Change metadata”
  • ON: Permission “Change permissions”

The following permissions are set on the root node of the Template Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • ON: Permission “Change”
  • ON: Permission “Create object”
  • ON: Permission “Create folder”
  • ON: Permission “Remove object”
  • ON: Permission “Remove folder”
  • ON: Permission “Release”
  • ON: Permission “View metadata”
  • ON: Permission “Change metadata”
  • ON: Permission “Change permissions”

Assigning workflow permissions

Request deletion (workflow)

Group: cxt_request_deletion

Action: Users of this role are permitted to initiate the deletion of a fragment or variant via a workflow.

Configuration in the project: The following permissions for switching the “Request deletion” workflow are set to the corresponding elements (root nodes, folders) of the Page Store:

  • Authorized: Permission to switch the “Request deletion” workflow (“Permitted”)
  • Authorized to switch the transition: Start - Request deletion
  • Authorized to switch the transition: Request deletion

The following permissions are set on the “Workflows - Request deletion” node of the Template Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • OFF: All other permissions

Confirm deletion (workflow)

Group: cxt_authorize_deletion

Action: Users of this role are permitted to confirm the deletion of a fragment or variant via a workflow.

Configuration in the project: The following permissions for switching the “Request deletion” workflow are set to the corresponding elements (root nodes, folders) of the Page Store:

  • Authorized: Permission to switch the “Request deletion” workflow (“Permitted”)
  • Authorized to switch the transition: Start - Request deletion
  • Authorized to switch the transition: deleted
  • Authorized to switch the transition: Request deletion
  • Authorized to switch the transition: deletion declined
  • Authorized to switch the transition: deletion accepted
  • Authorized to switch the transition: retained

The following permissions are set on the “Workflows - Request deletion” node of the Template Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • OFF: All other permissions

Release request (workflow)

Group: cxt_request_release

Action: Users of this role are permitted to initiate the release of a fragment or of a variant via a workflow.

Configuration in the project: The following permissions for switching the “Request release” workflow are set to the corresponding elements (root nodes, folders) of the Page Store:

  • Authorized: Permission to switch the “Request release” workflow (“Permitted”)
  • Authorized to switch the transition: request release
  • Authorized to switch the transition: objectChanged - Start

The following permissions are set on the “Workflows - Request release” node of the Template Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • OFF: All other permissions

Confirm release (workflow)

Group: cxt_authorize_release

Action: Users of this role are permitted to confirm the release of a fragment or of a variant via a workflow.

Configuration in the project: The following permissions for switching the “Request release” workflow are set on the corresponding elements (root nodes, folders) of the Page Store:

  • Authorized: Permission to switch the “Request release” workflow (“Permitted”)
  • Authorized to switch the transition: request release
  • Authorized to switch the transition: do not grant
  • Authorized to switch the transition: grant
  • Authorized to switch the transition: objectChanged - Start
  • Authorized to switch the transition: element released
  • Authorized to switch the transition: release denied

The following permissions are set on the “Workflows - Request release” node of the Template Store:

  • ON: Permission “Visible”
  • ON: Permission “Read”
  • OFF: All other permissions

© 2005 - 2024 Crownpeak Technology GmbH | All rights reserved. | FirstSpirit 2024.13 | Data privacy