Each page in a community can be restricted according to access level, allowing some areas of a community to be accessible to some users but not others. Community-level access supersedes page-level access, so looser page level access control levels are ignored if the page’s community is more restrictive.
Beyond the page level, the security provided by the PAF security methods and tags can apply restrictions at the gear level. For example, a particular page might be available to members of a community, but a gear on that page might only be available to Community Leaders. Gears that a user does not have access to are not rendered on the page.
ATG Portal contains options for community-specific and gear-specific security settings. You can specify page security settings from the Community Access section of the Community Settings page of the Portal Administration pages. You can specify gear security settings by editing the individual gear configuration.
If users attempt to access a community page for which they do not have access, one of two events takes place:
If the user is not logged in, the user is directed to the login page. After authentication, the user is redirected to the desired page.
If the user is logged in, and does not have permission to view the page, the user is redirected to the “access denied page.”
Gears will not function correctly if you try to access them directly in their servlet context (for example http://hostname:port/gear/gearname/shared.jsp).
