
Users, groups and access rights


Users and groups are a key part of the Atlas security concept. The plugins that build this component have names starting with com.tetracom.atlas.user and com.tetracom.atlas.group. There are three main types of access rights in the system: content, system and approval.

Content access rights

These rights define what a user can do with the content items of a given content type. The access rights are:

- view – provides read-only access to content items of the given type

- add – adds content items of the given type

- delete – deletes content items of the given type

- final delete – performs a final delete on content items of the given type

- classify – classifies the content items of the given type

- edit all – required to run post-backup operations and to revert content items to one of their previous versions

- revert – allows the user to revert a content item to one of its previous versions

- backup – creates a new revision of the content item

System access rights

These rights define which functionalities of the system the user can work with. The access rights are:

- view – the user has read-only access to the given system area. This means that the properties of an entity are not editable.

- manage – the user has both read and write access.

There are three system area types:

1. Domain related – content model, approval procedures, data filters, categorization trees and domain properties.

2. Site related – site properties, site structure, site content, site navigations and site functionalities.

3. Security and access related – user properties and actions, user access rights and groups.

Approval access rights

These rights define which approval actions a user can perform on content items of a given content type. The access rights are:

- approve – allows the user to move a content item to its next approval step.

- unapprove – allows the user to move a content item to its previous approval step.

- reject – allows the user to move a content item to its first approval step.

Access right values

Every access right has one of the following values for each user in the system – allowed, denied or unspecified. For groups, the only options are allowed and denied. Users who participate in a given group inherit its access right values. The following access right principles apply to users and groups:

  1. User access right values (different from unspecified) override group ones.

  2. Users who are part of a group and have access rights with value unspecified inherit the value of the right from the parent group.

  3. The access right value unspecified is treated as denied for users with no groups.

Apart from the access rights, each Atlas user has:

- user contact information: first name, last name

- account information: user name, password, owner domain, user status

- a set of groups in which the user participates

Important classes:

AtlasUser, Group – these are the business objects for the user and group entities. The AccountInfo class contains the user account information described above.

ActionRight – contains the available options for the access right values – allowed, denied, unspecified

ContentAction – includes the content access rights

SystemAction – includes the system access rights

ApprovalAction – includes the approval access rights

UserContentRights, GroupContentRights – represent the specific user and group content rights.

UserSystemRights, GroupSystemRights – represent the specific user and group system rights.

UserApprovalRights, GroupApprovalRights – represent the specific user and group approval rights.

Important services:

IUserSimpleService, IAccountService, IUserContentRightsService, IUserSystemRightsService, IUserApprovalRightsService – these services provide access to a user's general and account properties (the first two) as well as to their content, system and approval access rights.

GroupService, UserContentRightsService, UserSystemRightsService, UserApprovalRightsService – group services, analogous to the user ones.

Security annotations:

The user access rights are used in method annotations, where the functionality requires specific permissions. For example:

@ContentSecurity(action = ContentAction.ar_content_view)
public Map<ICTRelationProxy, ICiRelValue> getRelValues(IContentItem ci) { ... }

The annotation above states that a user who tries to execute the method must hold the view content access right. Analogously, there are annotations for the system and approval access rights – @SystemSecurity and @ApprovalSecurity respectively.
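The example below is an added illustration, not Atlas code: it models the three value-resolution rules from the "Access right values" section and a decorator that plays the role of @ContentSecurity. The class and action names only mirror the page's vocabulary; the handling of a user in several disagreeing groups, and of a group with no entry for a right, is not stated on the page and is an assumption (fail closed) marked in the code.

```python
from enum import Enum
from functools import wraps

class ActionRight(Enum):  # the three values the page lists for an access right
    ALLOWED = "allowed"
    DENIED = "denied"
    UNSPECIFIED = "unspecified"

class Group:
    def __init__(self, name, rights):  # rights: action -> ALLOWED or DENIED only
        self.name, self.rights = name, rights

class AtlasUser:
    def __init__(self, name, rights, groups):  # rights: action -> any ActionRight
        self.name, self.rights, self.groups = name, rights, groups

def effective_right(user, action):
    """Resolve one user's value for one access right using the page's three rules."""
    own = user.rights.get(action, ActionRight.UNSPECIFIED)
    if own is not ActionRight.UNSPECIFIED:
        return own                           # rule 1: an explicit user value overrides groups
    if not user.groups:
        return ActionRight.DENIED            # rule 3: no groups, so unspecified means denied
    inherited = {g.rights.get(action, ActionRight.DENIED) for g in user.groups}  # rule 2
    # Assumption (not on the page): a missing group entry or any denying group denies.
    return ActionRight.DENIED if ActionRight.DENIED in inherited else ActionRight.ALLOWED

class AccessDenied(PermissionError):
    pass

def content_security(action):
    """Stand-in for @ContentSecurity(action=...); the calling user is the first argument."""
    def decorate(fn):
        @wraps(fn)
        def guarded(user, *args, **kwargs):
            if effective_right(user, action) is not ActionRight.ALLOWED:
                raise AccessDenied(f"{user.name} lacks '{action}' needed by {fn.__name__}")
            return fn(user, *args, **kwargs)
        return guarded
    return decorate

@content_security("view")  # "view" stands in for ContentAction.ar_content_view
def get_rel_values(user, content_item):
    return {"item": content_item, "reader": user.name}  # stand-in for getRelValues

EDITORS = Group("editors", {"view": ActionRight.ALLOWED, "delete": ActionRight.DENIED})  # constructed
ALICE = AtlasUser("alice", {}, [EDITORS])                           # inherits everything from the group
BOB = AtlasUser("bob", {"delete": ActionRight.ALLOWED}, [EDITORS])  # own value overrides the group
CAROL = AtlasUser("carol", {}, [])                                  # no groups: unspecified is denied
DAVE = AtlasUser("dave", {"view": ActionRight.DENIED}, [EDITORS])   # explicit denial beats the group
```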