This section discusses how to configure security for projects and workflows used in ATG Content Administration. It relies on familiarity with general workflow security, which uses the Access Control List mechanism. Workflow security is described in Setting Up Security Access for Workflows in the ATG Personalization Programming Guide.

User access to a project and its tasks in the Business Control Center is controlled by the access settings for the project workflow. For example, access to a project’s Author task options depends on having Execute access rights to that task in the underlying workflow.

Workflow access rights are themselves determined by roles. For example, in any project that uses unmodified the installed project workflow, write and execute access to the Content Review task is given to roles EPub-Manager, EPub-Super-Admin, and managers-group. Any user who has one of these roles can complete this task.

Write access lets a user change task attributes, such as its priority, owner, and access control list. Execute access lets a user complete or release a task.

The following table shows the access rights required to perform project and workflow-related tasks in the Business Control Center:

Task

Required access

Create a project

Execute access to the project workflow

Add an asset to or remove an asset from a project

Execute access to Author task, appropriate access rights to the asset repository

Assign tasks to other users

Write access to the task

Release task

Execute access to the task

Complete a task—that is, change its status in the Business Control Center

Execute access to the task

Deploy project

Execute access to the workflow Deploy task

Default Workflow Access Settings

The following table describes the access rights that are initially set for the staging/production workflow:

Task

Roles

Access rights

Create project

administrators-group
EPub-Admin
EPub-Manager
EPub-Super-Admin
EPub-User
managers-group

Execute

Author

All

Write/Execute

Content review

EPub-Manager
EPub-Super-Admin
managers-group

Write/Execute

Approve for staging deployment

EPub-Manager
EPub-Super-Admin
managers-group

Write/Execute

Wait for staging deployment completion

administrators-group
EPub-Admin
EPub-Super-Admin

Write/Execute

Verify staging deployment

EPub-Manager
EPub-Super-Admin
EPub-User
managers-group

Write/Execute

Approve for production deployment

EPub-Manager
EPub-Super-Admin
managers-group

Write/Execute

Wait for production deployment completion

administrators-group
EPub-Admin
EPub-Super-Admin

Write/Execute

Verify production deployment

EPub-Manager
EPub-Super-Admin
EPub-User
managers-group

Write/Execute

To change access rights for a workflow or its individual tasks, open the workflow in the ACC and edit the appropriate elements. For more information, see Setting Up Security Access for Workflows in the ATG Personalization Programming Guide.