This section discusses how to configure security for projects and workflows used in ATG Content Administration. It relies on familiarity with general workflow security, which uses the Access Control List mechanism. Workflow security is described in Setting Up Security Access for Workflows in the ATG Personalization Programming Guide.
User access to a project and its tasks in the Business Control Center is controlled by the access settings for the project workflow. For example, access to a project’s Author task options depends on having Execute access rights to that task in the underlying workflow.
Workflow access rights are themselves determined by roles. For example, in any project that uses unmodified the installed project workflow, write and execute access to the Content Review task is given to roles EPub-Manager, EPub-Super-Admin, and managers-group. Any user who has one of these roles can complete this task.
Write access lets a user change task attributes, such as its priority, owner, and access control list. Execute access lets a user complete or release a task.
The following table shows the access rights required to perform project and workflow-related tasks in the Business Control Center:
Task | Required Access |
---|---|
Create a project | Execute access to the project workflow |
Add an asset to or remove an asset from a project | Execute access to Author task, appropriate access rights to the asset repository |
Assign tasks to other users | Write access to the task |
Release task | Execute access to the task |
Complete a task—that is, change its status in the Business Control Center | Execute access to the task |
Deploy project | Execute access to the workflow Deploy task |
Default Workflow Access Settings
The following table describes the access rights that are initially set for the staging/production workflow:
Task | Roles | Access Rights |
---|---|---|
Create project | administrators-group | Execute |
Create emergency project | EPub-Admin | Execute |
Author | All | Write/Execute |
Content review | EPub-Manager | Write/Execute |
Approve for staging deployment | EPub-Manager | Write/Execute |
Wait for staging deployment completion | administrators-group | Write/Execute |
Verify staging deployment | EPub-Manager | Write/Execute |
Approve for production deployment | EPub-Manager | Write/Execute |
Wait for production deployment completion | administrators-group | Write/Execute |
Verify production deployment | EPub-Manager | Write/Execute |
To change access rights for a workflow or its individual tasks, open the workflow in the ACC and edit the appropriate elements. For more information, see Setting Up Security Access for Workflows in the ATG Personalization Programming Guide.