Each ATG Content Administration user requires a profile in the ATG profile repository; the values of the login and password profile properties are used as the username and password to log into the Business Control Center. Access to activities within the Business Control Center, however, is controlled by ACC roles (People and Organizations > Roles in the ACC).

The following table lists the preconfigured roles that ATG Content Administration provides for use in the Business Control Center. For detailed, information, see PublishingRepository Security in this chapter.


Intended for...


Users who create and manage assets.


Users who perform activities such as reviewing and approving content created by an EPub-User. An EPub-Manager can also deploy assets to production targets.


Users who require administrative privileges—for example, to configure the Business Control Center or modify user access rights.


Users who require full access to the PublishingRepository.

The EPub-Super-Admin role is set as the role in the superAdminRole property of the /atg/epub/Configuration component. When checking the access rights to items in the PublishingRepository for a given user, ATG Content Administration first checks whether the user is assigned the role defined in Configuration.superAdminRole. If this is the case, the system assumes that the user has full access to the PublishingRepository, and no additional security checks are made.

It’s important to note that the role defined in Configuration.superAdminRole is automatically granted full access to all items in the PublishingRepository only. It is not automatically granted access to any other items, such as those stored in versioned repositories.

To specify a different role as the Super Admin role, simply set the /atg/epub/Configuration.superAdminRole property to a fully qualified role name via the ATG Control Center.

In the initial stages of development, you should assign the EPub-User, EPub-Manager, or EPub-Admin role to any new Business Control Center users you create. However, you typically want to restrict access to various projects and assets to subsets of users, such as merchandisers, scenario authors, system administrators, and so on. Consequently, early in the development process, you should identify the user types that are required for your content development environment, create the appropriate principals (roles, organizations, and so on), and configure their access rights accordingly. You should complete this step early in the development process in order to minimize its difficulty and avoid runtime access problems. For more information on adding new principals, see the ATG Personalization Programming Guide.

Note: The admin user profile that is provided for default access to the Business Control Center is assigned the EPub-Super-Admin role. Only users who require full access to the PublishingRepository should use the default account or the EPub-Super-Admin role. The password for the admin account is defined through the Configuration and Installation Manager (CIM) during the post-installation setup process. For more information, refer to the ATG Business Control Center Administration and Development Guide.

ATG Portal Roles

In addition to one of the ATG Content Administration roles described above, users also require an ATG Portal role that provides access to the Business Control Center UI—for example 100001-member. These roles are also assigned through the People and Organizations > Roles window in the ACC. The appropriate roles are located in the Global Roles > Bizui folder.