Set Permissions When Using Workflow in the Delivery Tier - Bloomreach Experience - Open Source CMS
06-12-2019

Set Permissions When Using Workflow in the Delivery Tier

Introduction

Goal

Set permissions to enable the site application to perform document workflow actions.

Background

By default, the sitewriter user used by the delivery tier has write access to the node /formdata. If you want to use workflow within the delivery tier to persist content beans as documents through the WorkflowPersistenceManager, then the sitewriter user must also have editor or author privileges on folders and documents.

Configure Permissions

The most straightforward way is to give the sitewriter user the same privileges as the author or editor group on folders and documents. You cannot do this via Setup > System in the CMS because the sitewriter is a system user, so you need to do this via the Console.

Preliminary

Log in to the Console as admin and make sure that Autoexport is enabled.

Give the sitewriter author or editor privileges on folders/documents

In the Console, at /hippo:configuration/hippo:users/sitewriter, add the following value to the hipposys:userroles property:

xm.content.editor

(If only author privilege is required, make it xm.content.author.)

After the above change, the sitewriter has editor privileges on folders and documents, which supports delivery tier workflow for the sitewriter. Note, however, that the application needs to be restarted for the change to take effect for the sitewriter user. This is because the sitewriter comes from a pool and is reused rather than logged in again, and the new userrole is only added on a new login.

Optionally: Improve the auto-exported configuration

As a result of adding a userrole to the sitewriter, auto-export will have created the file sitewriter.yaml locally, containing:

definitions:
  config:
    /hippo:configuration/hippo:users/sitewriter:
      hipposys:userroles:
        .meta:category: system
        .meta:add-new-system-values: true
        type: string
        value: [xm.form.writer, xm.content.editor]

Auto-export cannot export this in a cleaner form. However, instead of defining the entire hipposys:userroles property again, it is cleaner to change sitewriter.yaml into:

definitions:
  config:
    /hippo:configuration/hippo:users/sitewriter:
      hipposys:userroles:
        operation: add
        value: [xm.content.editor]

so that only the required addition is made.
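
A review check for the exported file, as an added example that is not part of the original page or Bloomreach code: it reads the hipposys:userroles block of a sitewriter.yaml, flags a full redefinition of the property, and reports which roles are granted. The function name review_userroles, the allow-list and the finding texts are assumptions; the check assumes the file defines only the sitewriter node and uses the inline list form shown above.

```python
import re

# Constructed samples: the two sitewriter.yaml variants shown on this page.
AUTO_EXPORTED = """\
definitions:
  config:
    /hippo:configuration/hippo:users/sitewriter:
      hipposys:userroles:
        .meta:category: system
        .meta:add-new-system-values: true
        type: string
        value: [xm.form.writer, xm.content.editor]
"""
CLEANED = """\
definitions:
  config:
    /hippo:configuration/hippo:users/sitewriter:
      hipposys:userroles:
        operation: add
        value: [xm.content.editor]
"""
# Assumption: a local review policy built from the role names on this page.
ALLOWED = {"xm.form.writer", "xm.content.author", "xm.content.editor"}

def review_userroles(text, allowed=ALLOWED):
    """Return (roles, findings) for the hipposys:userroles block (hypothetical helper)."""
    roles, operation, in_block, indent = [], None, False, 0
    for line in text.splitlines():
        stripped = line.strip()
        depth = len(line) - len(line.lstrip())
        if stripped == "hipposys:userroles:":
            in_block, indent = True, depth
            continue
        if in_block and stripped and depth <= indent:
            in_block = False  # a sibling or parent key ends the property block
        if not in_block:
            continue
        if stripped.startswith("operation:"):
            operation = stripped.split(":", 1)[1].strip()
        m = re.match(r"value:\s*\[(.*)\]", stripped)
        if m:
            roles = [r.strip() for r in m.group(1).split(",") if r.strip()]
    findings = []
    if operation != "add":
        findings.append("userroles is redefined in full; use 'operation: add'")
    findings += [f"unexpected role: {r}" for r in roles if r not in allowed]
    if "xm.content.editor" in roles:
        findings.append("editor granted; confirm that xm.content.author is not sufficient")
    return roles, findings
```

Run it against the file before committing the auto-exported change, so that the role granted to the pooled sitewriter user is reviewed explicitly.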
