You are authorized to specify who can access any page on which you also have Edit Page permission. Among those you authorize to access the page, you can assign varying levels of access, so that some users can edit the page while others can merely view it. If you prefer, you can specify that the page inherits its access settings from the application.
You may want to open a page to many users, but limit the exposure of a particular page component to a specific user, a user group, or to users who are assigned a specific application role. You can accomplish this by associating a security-related EL expression with the component instance.
This chapter provides information about securing pages and page components. It includes the following sections:
This chapter is intended for space Moderators and Participants and for page editors with the create, edit, and delete permission on pages and on the services that provide the components to be secured. For more information about application roles and permissions, see Section 21.2, "Managing Application Roles and Permissions."
Page properties include a Security tab with controls for specifying who can do what to the current page (Figure 23-1).
The options that appear on the Security tab vary according to whether you are accessing the tab from a space page or a Home space page (Figure 23-1 shows the options for a Home space page).
This section describes how to set page access through page properties. It is also possible to set page access through the Personalize Pages page. Setting page access through the Personalize Pages page is discussed in Section 38.2, "Controlling User Access to Your Personal Pages."
Page access permissions set through the Page Properties dialog in Composer are committed after you click OK in the Page Properties dialog. Closing Composer without saving does not discard such changes.
Page access permissions set through the Personalize Pages page take effect after you click OK in the Set Page Access dialog.
To access the Security tab in the Page Properties dialog:
Go to the page you want to secure, and open it in Composer.
To open a page in edit mode (Composer), press Ctrl-Shift-E.
Click the Page Properties button (Figure 23-2).
In the Page Properties dialog, click the Security tab to bring it forward (Figure 23-3).
Space pages only:
To specify that the page should inherit access settings from the permissions established for the space, select Use Application Permissions (Figure 23-4), then click OK to save your changes and exit the dialog.
For more information about setting global space permissions, see Section 52.2, "Managing Roles and Permissions for a Space."
To set custom access on the current page, select Use Custom Access Settings.
If you select Use Custom Access Settings, continue with the next steps.
To grant page access permissions to all authenticated users, that is, to users who are logged in to the Spaces application, click Add Authenticated Access.
authenticated-role is added under Role or User.
To grant page access permissions to all public users, that is, users who have not logged in to the Spaces application, click Add Public Access.
anonymous-role is added under Role or User.
To grant page access to the anonymous-role (that is, to enable users who are not logged in to access the space), the space must be public. The space cannot be private or hidden.
To grant page access permissions to selected users, groups, and application roles, click the Add Access button to open the Add Access dialog (Figure 23-5).
In the Search field, enter a search term, such as the name of the user, group, or role for whom to enable access, and click the Search icon.
Search terms must contain at least two characters.
Select a user, group, or role by clicking in its row.
When you select a user name, the permissions you set are granted to that specific user. When you select a group or application role, the permissions you set are granted to all users who are members of that group or who are assigned that role.
To make multiple selections:
Ctrl-Click to select multiple rows.
Shift-Click to select a range of rows.
The Add Access dialog closes, and the Set Page Access dialog populates with the selected users (Figure 23-6).
For each user, group, or role, grant access by selecting one or more access permissions from the Page Access columns (Table 23-1).
Users can access the page for viewing, but cannot perform any other actions on the page.
Users can edit the page using Composer. This includes adding, rearranging, and deleting content; renaming the page; and changing page properties.
Users can delete the page.
Users can perform all actions on the page.
Users can rearrange page content and personalize their view of task flows, provided the task flow includes personalization settings.
By default, all authenticated users and user roles that you add to the Set Page Access dialog are granted page view access. The other access privileges require page view access.
Click OK to save your changes and close the Set Page Access dialog.
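The two constraints stated above (every other access privilege requires page view access, and anonymous-role access requires a public space) can be checked over a list of grants, as in this added example, which is not part of the original documentation. The grant records, the lowercase permission labels, the user name jdoe and the function names are constructed for illustration and are not a WebCenter export format or API; combining grants as a union is an assumption.

```python
# Added example: audit one page's custom access grants.
# Record layout and permission labels are constructed, not a product format.

DEPENDS_ON_VIEW = {"edit", "delete", "manage", "personalize"}

# Constructed sample: what a reviewer might transcribe from Set Page Access.
SAMPLE_GRANTS = [
    {"principal": "authenticated-role", "perms": ["view"]},
    {"principal": "sales_manager", "perms": ["view", "edit"]},
    {"principal": "jdoe", "perms": ["delete"]},        # view is missing
    {"principal": "anonymous-role", "perms": ["view"]},
]

def audit_page(space_visibility, grants):
    """Return findings for a page in a public, private or hidden space."""
    findings = []
    for g in grants:
        perms = set(g["perms"])
        # Stated rule: the other access privileges require page view access.
        if perms & DEPENDS_ON_VIEW and "view" not in perms:
            findings.append(f"{g['principal']}: {sorted(perms)} granted without view")
        # Stated rule: anonymous-role access requires a public space.
        if g["principal"] == "anonymous-role" and space_visibility != "public":
            findings.append(f"anonymous-role granted on a {space_visibility} space")
    return findings

def effective_perms(principals, grants):
    """Permissions reaching a user through any principal they hold.

    principals: the user name plus the groups and roles the user belongs to.
    Assumption: grants from several principals combine as a union.
    """
    perms = set()
    for g in grants:
        if g["principal"] in principals:
            perms |= set(g["perms"])
    return perms

if __name__ == "__main__":
    for finding in audit_page("private", SAMPLE_GRANTS):
        print(finding)
    print(sorted(effective_perms({"jdoe", "sales_manager"}, SAMPLE_GRANTS)))
```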
There may be pages you want to expose to many users that have components you want only a select set of users—or even only one other user—to see. For example, imagine that you have created a space for all sales people. The space's home page includes two Announcements task flow instances: one for all sales people and one for sales managers only. You can secure the second Announcements instance so that only those users assigned the custom role sales_manager can see it.
Any component that has an associated Show Component property can be secured in this way. Those components that do not have an associated Show Component property can be placed inside a component that does, and in this way be secured. For example, you can place an Announcements task flow, which does not have an associated Show Component property, inside a Box layout component, which does. You can set the property on the Box, and that setting will also affect the display of Announcements.
You can also set security on the custom components that you import through the Resource Manager. For more information, see Section 10.4.4, "Setting Security for a Resource."
To set access on a component instance:
Go to the component instance you want to secure and access its Display Options properties.
For information about accessing component properties, see Section 17.5.2, "Setting Properties on Page Components."
Open the Expression Builder by clicking the Edit icon to the right of the Show Component property and selecting Expression Builder (Figure 23-7).
Under Type a Value or Expression, enter one of the following EL expressions:
To expose a component only to members of a particular scope who are assigned a particular role in that scope, enter:
In lieu of role, enter the role name, for example
The scope is implicitly resolved to be the current scope:
If you use this EL in the Home space, it resolves to the Home space GUID and to roles defined at the application level.
If you use this EL in a space scope, it resolves to roles defined for the space.
To expose a component only to members of a group, enter:
In lieu of group_name, enter the name of the group, for example
To expose a component only to a specific user, enter:
In lieu of user_name, enter the user name, for example
For more information about EL expressions, see Appendix B, "Expression Language Expressions." For information about EL expressions relevant to security, see Section B.4.3, "EL Expressions Relevant to Application Security."
Click OK to exit the Expression Builder, and click OK to save your changes and exit the Component Properties dialog.
Click Save and then Close to exit Composer.
The secured component appears only to those users with the name, role, or group you specified.