As mentioned before, the task configuration file controls the tabs, views, buttons and other parts that make up the screens you see in the UI. The items you see in the UI, such as user profiles or content groups, are affected by the task configuration file in that it controls the views used to display items and whether you can edit or only view them.
Item-level security is available through the secured repositories feature, which provides access control lists that you use to grant and deny permissions to internal users. A user who has edit, list, or view privileges will see all items in the UI, whereas one who doesn’t won’t see any. You can also use secured repositories to manage access to item descriptors and properties.
Secured repositories can provide a high-level restrictions, by hiding links in the Operations list on the ATG Business Control Center home page as well as controlling access to workflows and workflow tasks. For information, see the Managing User Access and Security chapter of the ATG Content Administration Programming Guide.
In short, the task configuration file manipulates the UI appearance (such as the Browse tab) and secured repositories manipulates a user’s access to data visible through the UI (such as user profiles). Although you can use the task configuration file to control how users interact with items (for example, removing buttons to prevent editing assets), all items are visible to all users. Secured repositories, however, hides items from view if a user doesn’t have the appropriate permissions.
Notice that secured repositories applies restrictions on the user profile , organization-level, or role-level. The task configuration file has no knowledge who a user is, but rather what actions that user performs in the UI. The task configuration settings are tied to the task, activity or workflow used to access the UI.
You may configure your application to tailor the UI for the actions a user wants to perform in it (using the task configuration file) as well as protecting assets from users who don’t need to work with them (using secured repositories). Keep in mind that activities exist in a slightly different paradigm. All users see the same items in an activity regardless of their access rights because activities don’t retain information about users.
The Search tab poses a complication because you use it to specify the types of items that are searchable in the task configuration file. So, it’s possible for a user to think he or she can search for a type of item, such as organizations, because it’s visible in the drop-down list, but no items of that type will be returned unless the user has access to view them.
