3.4.1 Understanding security in Web content management

Abstract

Untitled Document

Table of contents | Next | Previous

Understanding security in Web content management

The goal of the security in a Web content management (WCM) system is to partition the user population in different groups, adapting the content and actions available to them to the tasks they have to perform. To accomplish this mission, WCM provides tools for the following purposes:

Control who can create content and design elements of a given type
Suit the views and actions available in the authoring portlet for each user
Determine which items are visible for a user when accessing them though the authoring portlet or rendering them in a site

This article discusses

WCM security is based on portal security, which provides a module called VMM, which is capable of managing multiple LDAPs and databases for a single portal instance. Portal security provide utilities to create, update, and delete user and groups through the administration area.

Permissions are organized by using a tree-like structure. You can start by defining a general permission set for all libraries at the JCR repository and refining them for every item in the library, then for each item type, and finally item by item. By default, access levels are inherited by using the hierarchy shown in the following figure.

Propagation and inheritance of permissions can be stopped at any level of this tree.

The security level are based on portal roles. For library security, there are five levels: user, contributor, editor, manager, and administrator. Item security has four security levels: user, contributor, editor, and approver. We explain these levels in the sections that follow.

The security model for the River Bend sample site

The following section discusses the security model for the River Bend sample site.

The River Bend Web site is organized in five sections:

Home
Company
News
Food
Beverage

This Web site has the following security requirements:

There are three groups of users that can author content:

General authors who will create content for the home page
Authors from the marketing department who will create content for company and news sections
Authors from the operations department who will create content for Food and Beverages

Approval for publish content must be provided by three different departments: HQ, HR, and Legal.
Content must expire automatically or manually by either the author or any of the group of approvers from HQ, HR, and Legal.
Any user must be able to view published content.

With this requirement we have prepared the following permission matrix. For every site section, three rows are shown: readers, editors, and approvers.

	Draft	Approval	Publish	Expired	Reject
Home	Author	Author contentApproversHQ contentApproversHR contentApproversLegal	All users	Author contentApproversHQ contentApproversHR contentApproversLegal	Author
	contentAuthorsStoreMgr
	Author	Joint approval: contentApproversHQ contentApproversHR contentApproversLegal	contentApproversHQ contentApproversHR contentApproversLegal	Author contentApproversHQ contentApproversHR contentApproversLegal
Company	Author	Author contentApproversHQ contentApproversHR contentApproversLegal	All users	Author contentApproversHQ contentApproversHR contentApproversLegal	Author
	contentAuthorsMarketing
	Author	Joint approval: contentApproversHQ contentApproversHR contentApproversLegal	contentApproversHQ contentApproversHR contentApproversLegal
News	Author	Author contentApproversHQ contentApproversHR contentApproversLegal	All users	Author contentApproversHQ contentApproversHR contentApproversLegal	Author
	contentAuthorsMarketing
	Author	Joint approval: contentApproversHQ contentApproversHR contentApproversLegal	contentApproversHQ contentApproversHR contentApproversLegal
Food	Author	Author contentApproversHQ contentApproversHR contentApproversLegal	All users	Author contentApproversHQ contentApproversHR contentApproversLegal	Author
	contentAuthorsOps
	Author	Joint approval: contentApproversHQ contentApproversHR contentApproversLegal	contentApproversHQ contentApproversHR contentApproversLegall
Beverages	Author	Author contentApproversHQ contentApproversHR contentApproversLegal	All users	Author contentApproversHQ contentApproversHR contentApproversLegal	Author
	contentAuthorsOps
	Author	Joint approval: contentApproversHQ contentApproversHR contentApproversLegal	contentApproversHQ contentApproversHR contentApproversLegal

Article information

Category:

IBM Redbooks: Building a Web site using Lotus Web Content Management 6.1

Tags:

building a site

This Version:

Version 6

October 21, 2009

6:35:04 PM

by Amanda J Bauman IBMer

Attachments (0)

Versions (2)

Comments (0)

Copy and paste this wiki markup to link to this article from another article in this wiki.

Link:

Version ComparisonCompare version with version
	Version	Date	Changed by	Summary of changes
	20	Oct 22, 2008 10:59:30 AM	John Bergland
	This version (6)	Oct 21, 2009 6:35:04 PM	Amanda J Bauman