17.2 Delegating the Task of Assigning Privileges

In a large enterprise, the portal administrator should consider delegating the power to assign privileges. The range of privileges extends from portal-wide to item-specific. A lone portal administrator handling all privilege assignments could easily be overwhelmed by access requests.

Typically, a privilege that provides total control over an object—from a page group to an item—also provides the power to assign equal or subordinate access privileges to other users. For example, a page group administrator—that is, a user with the page group privilege Manage All on a page group—can assign the page privilege Manage to users and groups. Among other things, this privilege enables users to create sub-pages under the page on which they have the privilege. A user with the page privilege Manage can enable item level security and assign item-level access privileges.

Table 17-1 lists the privileges that include the power of privilege assignment and the types of privileges that can be assigned.

Table 17-1 Privileges that Include the Assignment of Privileges

Privilege Power of Assignment

The global privilege Manage All on the object type All Page Groups

  • Page group privileges on all page groups

  • Page privileges on all pages in all page groups

  • Tab privileges on all tabs in the page group

  • Item privileges on all items in the page group

  • Template privileges on all templates in the page group

  • Style privileges on all styles within the page group

The global privilege Manage Templates on the object type All Page Groups

  • Template privileges on all templates on all page groups

The global privilege Create on the object type All Page Groups

  • Page group privileges on all page groups the user creates

  • Page privileges on all pages the user creates

  • Tab privileges on all tabs the user creates

  • Item privileges on all items the user creates

The global privilege Manage on the object type All Pages

  • Page privileges on all pages

  • Tab privileges on all tabs

  • Item privileges on all items

Page group privilege Manage All

  • Page privileges on all pages in the page group

  • Tab privileges on all tabs in the page group

  • Item privileges on all items in the page group

  • Template privileges on all templates in the page group

  • Style privileges on all styles within the page group

Page privilege Manage

  • Page privileges on the managed page and any of its sub-pages that inherit their privileges from the managed page

  • Tab privileges on the managed page and any of its sub-pages that inherit their privileges from the managed page

  • Item privileges on the managed page and any of its sub-pages that inherit their privileges from the managed page

  • Style privileges on the managed page and any of its sub-pages that inherit their privileges from the managed page

    For users with the page privilege Manage Style to change the style of a page, the option Allow Privileged Users To Manage Page Style must also be selected for the page group.

    The template-level option Enable Pages To Use Different Style controls whether page designers can specify different style settings for pages based on the template.

Tab privilege Manage

  • Tab privileges on the tab and its sub-tabs

  • Item privileges on tab and its sub-tabs

  • Style privileges on the tab and its sub-tabs

    For users with the tab privilege Manage Style to change the style of a tab, the option Allow Privileged Users To Manage Page Style must also be selected for the page group.

    If a tab is based on a template, users with the tab privilege Manage Style may not be able to control the style of the tab. The template-level option Enable Pages To Use Different Style controls whether page designers can specify different style settings for the tab.

Item privilege Manage

  • Item privileges on the item and its sub-items

For a list and description of all privileges, from page groups to items, see Appendix B, "Page Group Object Privileges".