How to protect a public instance from unauthorized activation
-------------------------------------------------------------
Key: DOCU-149
URL: http://jira.magnolia-cms.com/browse/DOCU-149
Project: Documentation
Issue Type: Task
Security Level: Public
Components: content
Reporter: Antti Hietala
Assignee: Ruth Stocks
Write a best practice for preventing unauthorized content activation to public
instance. The default Magnolia way to solve this is with an activation
workflow. Permissions to activate and approve content are granted to distinct
groups of users - typically editors can activate and publishers can approve.
This is already explained somewhat in [Workflow and inbox
access|http://documentation.magnolia-cms.com/administration/security/acl-examples.html#WorkflowandInboxaccess]
but the question keeps coming up in RFPs often enough that we should write a
dedicated answer. You can revise the existing article, new page not necessary.
Points to cover:
* Activation workflow. Can have multiple: website, dms etc.
* Organizing responsibilities through groups and roles. Talk about the default
roles since they work fine to solve this issue.
* How to grant/restrict access to Activate command
* How to grant/restrict access to workitems in inbox
* How to grant/restrict access to Approve command
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
