Roles

Introduction

Roles provide access to application-specific functionality via so-called Role-Based Access Control (RBAC).

Custom roles

Roles can be seen and managed from the Users admin app.

A role consists of:

  • Display Name

  • name (unique identifier)

  • Description (optional)

Only Users with the Administrator or Users Administrator role may create or edit roles.

You are free to define custom roles manually, i.e. by giving them select permissions. In general, however, it is recommended that roles are created and managed by applications. The applications then typically also implement the related functionality that the role gives access to.

Unlike groups, a role may not be assigned other roles. It is designed to provide specific access, and nothing else.

Permissions

Just like users and groups, a role may be given explicit permissions to content in the CMS via Content Studio.

System roles

Enonic XP ships with several built-in roles. Each provides specific access and privileges in the system.

system.admin: Users with this role have full access to all content and admin tools through the user interface.

system.admin.login: Users with this role can log in to the administration console. These users will also require a role for each of the admin tools that the users need access to.

system.user.admin: Grants full access to the Users admin tool, including create/edit/delete for ID providers, users, roles, and groups.

system.user.app: Provides read-only access to the Users admin tool.

Dynamic roles

The system also includes two special roles which cannot be directly assigned to a user or group, but are conditionally assigned to users automatically.

system.authenticated: All authenticated users get this role, regardless of ID provider.

system.everyone: All users, both authenticated and non-authenticated (the Anonymous user), are assigned this role.

This role is typically used to grant read access to public content, thus making it available to, well, everyone.

CMS Roles

cms.admin: Allows full access to Content Studio, including the ability to create and delete content projects.

cms.expert: Grants the ability to view and modify source code in the rich text editor.

cms.cm.app: NOTE: This role is deprecated. It gives users access to the legacy default project in Content Studio. Users with this role can see content and sites, but cannot create new sites or any new content in the project.

XP 7.11.0 When using Content Projects, each project automatically creates a set of project roles in addition to the built-in roles listed above.

These roles will be prefixed with cms.projectname. and will as such be unique to each individual project.
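
An added example, not part of the Enonic XP documentation or code: a stand-alone JavaScript audit that resolves each user's effective roles through nested groups, adds the two dynamic roles, and reports who holds a high-privilege role and by which path. The principal data, its format, and the choice of which roles count as high-privilege are assumptions made for illustration.

```javascript
// Constructed sample data in a hypothetical export format (not Enonic XP's own).
// Each principal lists the groups it belongs to and the roles assigned to it directly.
const principals = {
  'user:system:alice': { groups: ['group:system:editors'], roles: ['system.admin.login'] },
  'user:system:bob': { groups: ['group:system:ops'], roles: [] },
  'user:system:carol': { groups: [], roles: ['system.user.app', 'system.admin.login'] },
  'group:system:editors': { groups: ['group:system:staff'], roles: ['cms.expert'] },
  'group:system:staff': { groups: ['group:system:editors'], roles: [] }, // cycle on purpose
  'group:system:ops': { groups: [], roles: ['system.user.admin', 'system.authenticated'] },
};

const DYNAMIC = ['system.authenticated', 'system.everyone'];
// Assumption of this example: which roles to report as high-privilege.
const HIGH_PRIVILEGE = ['system.admin', 'system.user.admin', 'cms.admin'];

// Returns a Map of role -> path through which the principal holds it.
function effectiveRoles(key, authenticated = true) {
  const held = new Map();
  const seen = new Set();
  const walk = (k, path) => {
    if (seen.has(k) || !principals[k]) return; // guard against group cycles
    seen.add(k);
    for (const role of principals[k].roles) {
      // Dynamic roles cannot be assigned; skip them here, audit() reports them.
      if (!DYNAMIC.includes(role) && !held.has(role)) held.set(role, path.join(' -> '));
    }
    for (const g of principals[k].groups) walk(g, [...path, g]);
  };
  walk(key, [key]);
  held.set('system.everyone', 'dynamic');
  if (authenticated) held.set('system.authenticated', 'dynamic');
  return held;
}

// Audit: users holding a high-privilege role, and entries that assign a dynamic role.
function audit() {
  const findings = [];
  for (const [key, p] of Object.entries(principals)) {
    for (const role of p.roles) {
      if (DYNAMIC.includes(role)) findings.push(`${key}: dynamic role ${role} assigned directly`);
    }
    if (!key.startsWith('user:')) continue;
    for (const [role, via] of effectiveRoles(key)) {
      if (HIGH_PRIVILEGE.includes(role)) findings.push(`${key}: ${role} via ${via}`);
    }
  }
  return findings;
}

console.log(audit().join('\n'));
```

Because roles cannot contain other roles, only group membership needs to be followed transitively; the path in each finding shows which group to review when a privilege is unexpected.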

