Set Permissions When Using Workflow in the Delivery Tier

Introduction

Goal

Set permissions to enable the site application to perform document workflow actions.

Background

By default, the sitewriter user used by the delivery tier has write access to the node /formdata. If you want to use workflow within the delivery tier to persist content beans as documents through the WorkflowPersistenceManager, then the sitewriter user must also have editor or author privileges on folders and documents.

Configure Permissions

The most straightforward way is to give the sitewriter user the same privileges as the author or editor group on folders and documents. You cannot do this via Setup > System in the CMS because sitewriter is a system user, so you need to do it via the Console.

Preliminary

Log in to the Console as admin and make sure that Auto-export is enabled.

Grant the Sitewriter User Author or Editor Privileges on Folders and Documents

In the console, at /hippo:configuration/hippo:users/sitewriter, add the following value to the hipposys:userroles property:

  • xm.content.editor

(If only author privileges are required, use xm.content.author instead of xm.content.editor.)

With the above user role added, the sitewriter user has editor privileges on folders and documents, which supports delivery tier workflow for sitewriter. Note, however, that the application must be restarted for the change to take effect for the sitewriter user: sitewriter sessions come from a pool and are reused rather than logged in again, and the new user role is only applied on a new login.

Optional: Improve the Auto-Exported Configuration

As a result of the above addition of a user role to sitewriter, auto-export will have created the file repository-data/application/src/main/resources/hcm-config/configuration/users/sitewriter.yaml locally containing:

definitions:
  config:
    /hippo:configuration/hippo:users/sitewriter:
      hipposys:userroles:
        .meta:category: system
        .meta:add-new-system-values: true
        type: string
        value: [xm.form.writer, xm.content.editor]

Auto-export cannot produce a cleaner export than this. However, instead of defining the entire hipposys:userroles property again, it is cleaner to change the contents of sitewriter.yaml to:

definitions:
  config:
    /hippo:configuration/hippo:users/sitewriter:
      hipposys:userroles:
        operation: add
        value: [xm.content.editor]

so that only the required addition is made.
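
As an added example (not part of the original page or the product), the following Python check could run in a build pipeline against sitewriter.yaml to confirm that the file only adds one of the roles named on this page via operation: add. The allow-list, the function name and the line-based parsing (which handles only the single-line list layout shown above) are assumptions.

```python
import re

# From this page: the role sitewriter already has, and the two roles it may be given.
BASELINE_ROLES = {"xm.form.writer"}
ALLOWED_ADDED_ROLES = {"xm.content.author", "xm.content.editor"}

AUTO_EXPORTED = """definitions:
  config:
    /hippo:configuration/hippo:users/sitewriter:
      hipposys:userroles:
        .meta:category: system
        .meta:add-new-system-values: true
        type: string
        value: [xm.form.writer, xm.content.editor]
"""
CLEANED = """definitions:
  config:
    /hippo:configuration/hippo:users/sitewriter:
      hipposys:userroles:
        operation: add
        value: [xm.content.editor]
"""
# Constructed input: a role nobody reviewed slipped into the list (placeholder name).
CONSTRUCTED_BAD = CLEANED.replace("editor]", "editor, example.unreviewed.role]")

def audit_sitewriter_yaml(text):
    """Return findings for a sitewriter.yaml definition; an empty list means clean."""
    lines = text.splitlines()
    start = next((i for i, l in enumerate(lines)
                  if l.strip() == "hipposys:userroles:"), None)
    if start is None:
        return ["no hipposys:userroles property found"]
    indent = len(lines[start]) - len(lines[start].lstrip())
    block = {}
    for line in lines[start + 1:]:
        if not line.strip():
            continue
        if len(line) - len(line.lstrip()) <= indent:
            break  # left the userroles block
        key, _, val = line.strip().rpartition(": ")
        block[key] = val
    is_add = block.get("operation") == "add"
    findings = [] if is_add else ["redefines the whole hipposys:userroles property; use operation: add"]
    allowed = ALLOWED_ADDED_ROLES if is_add else ALLOWED_ADDED_ROLES | BASELINE_ROLES
    for role in re.findall(r"[\w.\-]+", block.get("value", "")):
        if role not in allowed:
            findings.append("unexpected role for sitewriter: " + role)
    return findings
```

Run against the two file contents shown above, the auto-exported form is flagged for redefining the property and the cleaned form passes.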
