The versioned content repository /atg/epub/file/PublishingFileRepository
stores an application’s file asset metadata. ATG Content Administration accesses the PublishingFileRepository through the SecuredPublishingFileRepository component that overlays it:
/atg/epub/file/SecuredPublishingFileRepository
This component is an instance of the class :
atg.adapter.secure.GenericSecuredMutableVersionContentRepository
The default SecuredPublishingFileRepository component is set as follows:
$class=atg.adapter.secure.GenericSecuredMutableVersionContentRepository repositoryName=PublishingFiles repository=/atg/epub/file/PublishingFileRepository configurationFile=/atg/epub/file/publishingFileSecurity.xml securityConfiguration=/atg/dynamo/security/PublishingFileSecurityConfiguration XMLToolsFactory=/atg/dynamo/service/xml/XMLToolsFactory transactionManager=/atg/dynamo/transaction/TransactionManager
Item descriptor security
By default, security for all PublishingFileRepository item descriptors is defined as follows:
Principal | Access Privileges |
---|---|
Content Administration roles: ACC groups: | Read |
ACC groups: | Read |
You can examine the secured repository definition file at this location:
<ATG9dir>/Publishing/base/config/atg/epub/file/publishingFileSecurity.xml
You can also access this file in the Dynamo Administration Component Browser, via the configurationFile
property of the SecuredPublishingFileRepository component.
Content item security
The SecuredPublishingFileRepository uses a custom security policy that determines user access to a content item as follows
Checks the ACL for the given item.
If the item’s
acl
property is null or empty, checks the ACL for its parent folder:If set, the parent folder’s ACL is used to determine user access to the child item.
If null or empty, the system walks up the folder hierarchy until a folder with a defined ACL is found.
By default, ATG Content Administration defines an ACL for the repository’s root folder; the ACL is defined as follows:
Principal | Access Privileges |
---|---|
Content Administration roles: ACC groups: | List |
Content Administration roles: ACC groups: | List |
Configuring the security of the PublishingFileRepository is similar to configuring security for any other VersionRepository that stores your application’s assets. You can configure the following assets: