Administrator Guide

     Previous  Next    Open TOC in new window  Open Index in new window  View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Setting up and Securing the Publisher Folder Structure

One of the primary tasks of users in the Administrator role in Publisher is to set up and secure the folder structure of Publisher. Administrators can delegate ownership and maintenance of the content organizational structure, but only users in the Administrator role can set up and secure the top level of folders.

The tasks involved in setting up the Publisher folder structure include:

This chapter includes the following topics:

For a discussion of how to set up and attach workflow to Publisher folders, see Using Workflow.

 


Defining Your Folder Structure and Managing Folders

This section provides an overview of the Publisher folder structure. It also discusses how to create new folders.

Publisher Folder Structure

Users with the Administrator role are responsible for creating the top-level Publisher folders. The folder structure, along with the security attached to each folder, determines the extent to which content management responsibility is concentrated in a small group of administrators or distributed to a number of content managers.

You can set up your Publisher folder structure in any way that suits your organizational needs. You should, however, consider the following:

A high-level example of a folder structure based on departmental and administrative responsibilities would be the following:

ROOT

In this example, the content administrator has organized the high-level folder structure according to security access and a function-based taxonomy.

The following table lists the security that the administrator in this example has provided for the contents of each top-level folder:

Table 4-1 Example of Security Assignments for Publisher Top-Level Folders
Folder
Groups with Access and their Roles
Comments
Communities
  • Portal Management Team: Folder Administrator
  • Community Managers: Editor
Each community folder contains portlets for that community. For each community folder (such as Engineering and Marketing), the appropriate community manager has a Folder Administrator role.
Portal Administration
  • Portal Management Team: Folder Administrator
Contains portlets to be displayed on the portal home page, such as corporate announcement or holiday schedule.
Portlet Templates
  • Portal Management Team: Folder Administrator or Producer (depending on administrative versus web development roles)
  • Community Managers: Editor
The portlet templates are organized into folders representing portlet template types. Since portlet templates are most likely to be created by web developers on the portal management team, they have greater access to the top-level folder than do community managers, who are the primary users of portlet templates.
Images
  • Portal Management Team: Folder Administrator
  • Marketing Team: Producer
  • Developer Team: Editor
Keeping images in a single folder with the Image Service as publishing target enables non-gatewayed access to images. Giving the marketing team Producer access enables them to control consistent imaging across portlets.
Testing
  • Portal Management Team: Folder Administrator
  • Developer Team: Folder Administrator
A top-level testing folder is useful as sandbox for testing portlet applications before rolling them out.

For detailed descriptions of the access provided by each Publisher role, see Publisher Roles.

Creating New Folders

You can create folders using Publisher Explorer or by creating a published content portlet using the Configure Portlet Wizard.

Caution: Only users with the Administrator role can create or modify top-level folders.

Publisher Explorer

To create a new folder in Publisher Explorer:

  1. Navigate to the folder in which you want to create the new folder.
  2. To create new top-level folders, navigate to the root folder.

  3. Click New | Folder in the menu bar or right-click in the table pane and choose New | Folder.
  4. Enter a name for the folder and click OK.
  5. Note: If you use the Map a Web Folder feature to view the Publisher folder structure using Windows Explorer, you should avoid using folder names that include the following characters: \ / : * ? " < >. Windows Explorer does not allow file or folder names that include these characters, and any such folders will not appear in the Publisher folder structure when viewed with Windows Explorer.

For more information on Publisher Explorer, see Using Publisher Explorer.

Published Content Portlet Folders

When you create published content portlets using the Configure Portlet Wizard, Publisher creates the corresponding portlet folder automatically in the folder specified as the save-to location.

You can also use Publisher Explorer to create portlet folders, just as you do with any lower-level folder.

Portlet folders have some particular requirements and functions that differentiate them from other folders in the Publisher folder structure.

For more information, see Managing Published Content Portlet Folders.

 


Setting Up Security

This section provides an overview of Publisher security and discusses how to:

Publisher Security Overview

Security in Publisher is role-based and is set at the folder level. Each Publisher role has a defined level of access to Publisher functions. For each folder you create in Publisher, you can specify which AquaLogic Interaction users and groups are assigned to which Publisher roles, or you can choose to have the folder inherit its security from the next folder up in the hierarchy. Administrators can assign security to all Publisher folders, including top-level folders. Folder Administrators can assign security to lower-level folders.

For example, let us say you, as Administrator, have created a Marketing folder for all marketing community portlets and content. You want the Marketing community manager to have the ability to edit, delete, rename, reassign security, override workflow, and publish the portlets in the folder, so you assign the community manager the Folder Administrator role, which gives him access to these functions for the folder. You want the web master to be able to modify the Presentation Templates and Data Entry Templates for the Marketing community portlets, so you assign her the Producer role, which gives her access to those functions, but without the ability to change security settings, delete, or rename the folder. And you want certain community members to be able to view version history and publishing information for the portlets in the folder, so you give them the Contributor role. By default, the Administrator role always has full access to all Publisher folders and functions.

Note: Publisher security does not affect access to portlets through the portal. You define this access in portal security. It is important, however, that Publisher security mirror portal administration security as closely as possible for any published content portlets that enable users to submit content through the portal. Publisher therefore provides a means for mapping portal security to Publisher security for a portlet. For more information see Mapping Portal Security to Publisher Security.

Publisher Roles

Access to content and features in Publisher is controlled through the following roles:

Note: Access to Workflow administration requires the Configure Workflow activity right and is independent of Publisher roles. For more information, see Assigning the Administer Publisher and Configure Workflow Activity Rights
Caution: You might be assigned different roles in different Publisher folders.

The following table provides a detailed list of Publisher functions and the roles that have access to them.

Table 4-2 Publisher Functions and Roles
Key: R = Reader; S = Submitter; C = Contributor; E = Editor; P = Producer; FA = Folder Administrator; A = Administrator.
Function
Roles with Access
Create top-level folders
A
Copy, rename, move, and delete top-level folders
A, FA
Security: assign users, groups, and roles to folders
A, FA
Detach portlet from folder
A, FA
Attach workflow to a folder in Publisher Explorer
A, FA
Override workflow
A, FA
Undo checkout (by other user)
A, FA
Create, delete, copy, move, and rename lower-level folders (move requires permission on both the move from and move to folders)
A, FA, P
Create new Data Entry Templates, Presentation Templates, and selection lists
A, FA, P
Edit content items assigned to another user in workflow
A, FA, P
Set publishing targets
A, FA, P
Publish to directory
A, FA, P, E
Publish content item or folder
A, FA, P, E
View and edit publishing information in Content Item Editor
A, FA, P, E
Schedule publishing and expiration
A, FA, P, E
View and restore versions in Content Item Editor
A, FA, P, E, C
Create, edit, copy, delete, and rename content items
A, FA, P, E, C, S
Preview content items
A, FA, P, E, C, S
Check content items in and out
A, FA, P, E, C, S
Use WebEdit when creating and editing content items
A, FA, P, E, C, S
Access WebDAV and set up a Web folder for Publisher
A, FA, P, E, C, S
Set user Quicklinks and preferences in Publisher Explorer
A, FA, P, E, C, S
Use the Copy to function in Publisher Explorer (security applies to the folder copied to)
A, FA, P, E, C, S
Use the Move to function in Publisher Explorer (security applies to the folder moved to)
A, FA, P, E, C, S
Create a new folder in a Community Directory portlet
A, FA, P, E, C, S
Browse, search, and view published content portlets
A, FA, P, E, C, S, R
Browse, search, and view intrinsic Publisher portlets
A, FA, P, E, C, S, R
Be assigned to workflow activities
A, FA, P, E, C, S, R
Approve or reject a work item
A, FA, P, E, C, S, R

Publisher and Workflow Activity Rights

Users are given the Administrator role by being granted the Administer Publisher activity right. An activity right is a security function that assigns access to a set of administrative activities. By giving access to the Administrator role, the Administer Publisher activity right provides complete access to all Publisher functions except workflow administration.

The Configure Workflow activity right is required to give access to all Workflow Administration features, and we recommend that it be granted to all users in the Administrator role.

Users in the Administrators group in portal security have the Administer Publisher and Configure Workflow activity rights by default, and users in this group can delegate their authority by assigning it to any other portal group. Most organizations assign the Administer Publisher and Configure Workflow rights to their information technology manager, portal manager, or web master.

Assigning the Administer Publisher and Configure Workflow Activity Rights

To grant an activity right to a group:

  1. Log in to the portal.
  2. Click the Administration tab.
  3. Select the Activity Manager.
  4. Click the activity right you want to edit.
  5. Click Add Groups.
  6. Select the group to which to grant the activity right.
  7. Click OK.
  8. Click Finish.

For information on assigning activity rights in the portal, see the Administrator Guide for AquaLogic Interaction.

Assigning Users and Roles to Publisher Folders

Once a user has been assigned the Administrator role through the Administer Publisher activity right (which is granted by default through membership in the portal Administrators group), that user can set up security for the top-level Publisher folders. Once an Administrator has set up security for the top-level folders, users in the Folder Administrator role can assign security for any folders for which they have that role, including top-level folders. By default, security settings cascade down from folders higher in the hierarchy to all lower-level folders, unless an Administrator or Folder Administrator overrides the security inheritance for the lower-level folder.

Note: You cannot override inherited Administrator or Folder Administrator assignments for a folder.

Before you can assign Publisher security, the users and groups must already be defined in portal administration.

For more information, see the Administrator Guide for AquaLogic Interaction.

To assign a user or group to a Publisher role for a Publisher folder:

  1. Access the Content Security page. You can access this page the following ways:
    • From Publisher Explorer, right-click on the folder for which you want to assign security and click Content Security.
    • From the Configure Portlet Wizard, click the Security button. You can set security for any portlet folder for which you have the Folder Administrator role.
    • From the Configure Portlet Template Wizard, navigate to the Template Security page and click the Edit button. You can set security for any portlet template folder for which you have the Folder Administrator role.
  2. On the Content Security page:
    • If you want the folder to inherit the Publisher security of the Publisher folder it resides in and you do not want to map a portal administration object’s portal security to the folder’s Publisher security, check the Inherit Security checkbox. This option is checked by default when you create a folder.
    • If you want to specify the Publisher security for the folder or you want to map a portal administration object’s portal security to the folder’s Publisher security, clear the Inherit Security check box. This activates the Add Users and Groups and Add Portlet Security Map buttons.
    • Note: The Content Security page works slightly differently for Portlet Templates. For more information, see Accessing the Configure Portlet Template Wizard.
    • Use the Add Users and Groups button to select and add users and groups that should have access to the folder. Use the Role column to assign a Publisher role to each user and group.
    • If you want to map the folder’s Publisher security to a portal object’s portal security, click the Add Portlet Security Map button to activate the mapping fields.
    • For more information about mapping portlet security to Publisher security, see Mapping Portal Security to Publisher Security.

  3. Click Finish to save the security settings.

Mapping Portal Security to Publisher Security

ALI portal security is maintained separately from Publisher security. For example, access to a portlet in the portal is maintained in portal administration and controls such things as the ability to add a portlet to a user My Page or view a portlet in a community. Security for the Publisher objects that make up the portlet (the portlet folder, subfolders, content items, Data Entry Templates, selection lists, and Presentation Templates) is defined entirely within Publisher. In general, users with access to a portlet in the portal should have the same level of access to the portlet in Publisher. Without this mapping of portal security to Publisher security, the following might occur:

You can use the Content Security page to map a portal object’s security to the Publisher security for a Publisher folder. When you do so, Publisher automatically adds all of the users on the portal object’s Access Control List (ACL) to the Publisher security list for the folder, with Publisher roles that you specify on the Content Security page. The following table provides an example:

Table 4-3 Portal to Publisher Security Mapping
Portal Object Security
Publisher Folder Security
Read
Submitter
Select
Submitter
Edit
Producer
Admin
Folder Admin

In this example, all of the users with Read access to the portlet in the portal will have Submitter access to the Publisher portlet folder, and so forth.

If a user’s access to a Publisher folder as defined by portal security mapping is not the same as the user’s explicit Publisher folder security (as defined in the Users/Groups and Role columns on the Content Security page), the higher access level applies. For example, if a user has the Submitter role for the Publisher folder by virtue of his or her portal security access level and the Contributor role by virtue of his or her explicit Publisher security for the folder, the user will have the Contributor role for the folder.

To map a portal object’s security to Publisher security for a Publisher folder:

  1. Access the Content Security page for the folder (or portlet or portlet template).
  2. See Assigning Users and Roles to Publisher Folders.

  3. Click Add Portal Security Map to access the Portal Object dialog box, where you can select the portal objects from which you want to apply the security on the Publisher folder.
  4. Note: When you open the Content Security page from within the Configure Portlet Template Wizard, a shortcut button appears, labelled with the portlet template’s name. Click it to add the portlet template to the Portal Object column without opening the Portal Object dialog box.
  5. When you have selected the portal object whose security you want to map, the portal object appears in the Portal Object column on the Content Security page.
  6. In the Access Level to Role column, select the appropriate Publisher role for each portal security access level.
  7. Figure 4-1 Content Security Page Displaying Portlet Mapping Fields


    Content Security Page Displaying Portlet Mapping Fields

    For example, let us say you are assigning security to a Technical Publications News portlet folder, and the portal object whose security you are mapping is the community. If you map the Select portal access level to the Submitter role, all users with Select portal access to the community will have Submitter access to the portlet folder in Publisher, and will be able to create, edit, and review content items for the portlet.

  8. Click Finish to save the security settings.
Note: This process is slightly different if you are mapping portal security to Publisher security for a new published content portlet template. For more information, see Using the Template Security Page.

 


Configuring Publishing Targets and Preview Sites

This section provides an overview of publishing targets and preview sites and discusses how to:

Publishing Targets and Preview Sites

After you set up your folder structure in Publisher, you must designate where the content items in your Publisher folders will be previewed and published.

Publisher must have access to these locations either over the network or FTP, and must have write access to the folder. To configure a Publisher publishing target, determine the location of the server and how it is accessed over the network and Internet:

Users in the Administrator role configure the publishing target and preview site for the root folder. Users in the Producer role and above can configure publishing and preview targets for all other folders.

By default, each folder inherits publishing and preview locations from its parent folder in the hierarchy. For example, let us say that the root folder’s publishing target is the following:

file://localhost/C:/Program Files/mycompany/ptcs/publishedcontent/publish

And let us say that there is a content item in the following folder within the Publisher folder structure: Root/Communities/Marketing/Marketing News. The default publishing target for that content item would be:

file://localhost/C:/Program Files/mycompany/ptcs/publishedcontent/publish/communities/marketing/marketing news/<content item>

The publishing target directory structure, by default, mirrors the Publisher folder structure. You can break this default web server directory structure by overriding the publishing target inherited from the parent folder at any folder level by configuring a different publishing target for the folder. All subfolders of that folder then inherit the new publishing target.

Taking the above example, let us say that you want the content items in the Marketing folder to be published to the following folder on the web server:

file://localhost/C:/Program Files/mycompany/ptcs/publishedcontent/publish/communities/sales_and_marketing

You would change the publishing target for the Marketing folder to that new file path. All folders below the Marketing folder level would inherit this publishing target (unless you in turn change their publishing targets). And the content item in the above example would now be published to the following target:

file://localhost/C:/Program Files/mycompany/ptcs/publishedcontent/publish/communities/sales_and_marketing/marketing news/<content item>

Configuring the Publishing Target and Preview Site for the Root Folder

A user in the Administrator role must configure the publishing target and preview site for the root folder before configuring any other folders. To configure the root folder for publication and preview:

  1. Open Publisher Explorer.
  2. Right-click the root folder and select Publishing Target.
  3. Click the Publish tab.
  4. Choose the method of transfer: FTP or File path.
  5. Note: Use File path only if the server is accessible through a local drive or a mapped network drive.
  6. In Transfer Path, type the path to the location that you have selected as the publishing target. Transfer Path accepts UNC (Uniform Naming Convention) paths.
  7. If you chose FTP in step 4, select one of the following:
    • Use anonymous FTP: The target system has a guest account that requires no password.
    • Log in: The target system requires a password. You must enter a valid User Name and Password.
  8. In Browser Path, type the URL (web path) to the location you have selected as the publishing target.
  9. If you want the folder structure of the publishing location to match the Publisher folder structure for this folder and its subfolders, leave the Mirror Site Hierarchy checkbox selected. Clear the checkbox if you want all content items in this folder to reside in a flat structure within this folder, with no lower-level folder hierarchy. The system adds a unique ID to each published item in this case to avoid interference between any items in the folder that share the same name.
  10. Note: While most users do not choose to publish content items into a flat web server directory structure, it can be useful in some situations. For example, you may have several Publisher folder trees, each containing an image folder, and all of the images are published to the same folder on the web server. If you clear the Mirror Site Hierarchy checkbox, each item name in the folder and its subfolders will be given a unique ID, thus preventing any image files that share the same name from interfering with the others.
  11. Click the Preview tab and follow steps 4 - 8 for the Preview Site.
  12. If you want to test whether the transfer path and browser path point to the same location, click Test Publish Target. Any error messages appear at the bottom of the page.
  13. Click Finish to save your changes and close the window.

Configuring the Publishing Target and Preview Site for All Other Folders

By default, all folders inherit publishing and preview locations from the folder above them in the Publisher folder hierarchy. Administrators, Folder Administrators, and Producers can override this inheritance and configure a new publishing target or preview site for a folder other than the root folder. When you configure a folder, all of its subfolders inherit the new configuration.

To modify the publishing and preview settings for any folder, right-click the folder and choose Publishing Target. Follow steps 3 - 11 under "Configuring the Publishing Target and Preview Site for the Root Folder," after first clearing the Inherit parent folder settings to enable the reconfiguration.

If you configure a folder and later want to reset it to inherit the parent’s settings, select the Inherit parent folder settings checkbox on the Publishing Targets page. This resets both the publishing targets and preview site to that of the parent folder.


  Back to Top       Previous  Next