Groups - Bloomreach Experience - Open Source CMS
06-12-2019

Groups

Groups are sets of users with a common organizational or functional responsibility. Users which are member of a group automatically inherit all its userroles and the roles granted to it within specific security domains.

Groups Configuration

The groups are stored in the repository under path /hippo:configuration/hippo:groups as children of hipposys:groupfolders nodes. These folders can be nested in the same way as user folders. A group is represented by a single node with the group name used for the node name. The members of the group are stored in the multi valued property hipposys:members and are referenced by their name, which is equal to the user its node name.

Although the group node type has a hipposys:groups property, nested groups are not (yet) supported.

Groups can be managed by the CMS or synchronized with an external source like LDAP. For groups that are managed from the CMS the hipposys:group node type is used. For externally managed users the hipposys:externalgroup type can be used. The hipposys:securityprovider property specifies which security provider manages the group. For CMS managed groups the provider is internal.

If a group is marked as a system group by setting the property hipposys:system to true, the group is protected and hidden from the CMS setup management UI.

Node type definitions

hipposys:group

[hipposys:group] > nt:base
- hipposys:securityprovider (string) = 'internal' mandatory autocreated
- hipposys:system (boolean)
- hipposys:members (string) multiple
- hipposys:groups (string) multiple
- hipposys:description (string)
- hipposys:userroles (string) multiple

Name

Type

Required

Description

node name

String

yes

the group name

hipposys:system

Boolean

no

Can be used to indicate that the group is a system group and should be hidden from the Bloomreach Experience Manager group management.

hipposys:members

String

yes

the username of the user that is member of the group. Multiple hipposys:members can be set with each containing one username.

hipposys:groups String no not used/implemented

hipposys:description

String

no

A description of the group

hipposys:userroles String no The set of userroles assigned to the group

hipposys:externalgroup

[hipposys:externalgroup] > hipposys:group
- hipposys:syncdate (date)
- * (string)

hipposys:groupsfolder

[hipposys:groupfolder] > nt:base
+ * (hipposys:group) = hipposys:group
+ * (hipposys:groupfolder) = hipposys:groupfolder

Example group configuration

/hippo:configuration:
  /hippo:groups:
    /admin:
      jcr:primaryType: hipposys:group
      hipposys:members: [ admin ]
      hipposys:userroles: [ xm.default-user.system-admin ]
    /mygroup:
      jcr:primaryType: hipposys:group
      hipposys:members: [ ann, robbert, mary ]
      hipposys:userroles: [ my.author ]

Default provided groups

name userrole members system description
author xm.default-user.author   no members of this group can edit content
editor xm.default-user.editor   no members of this group can edit and (de)publish content
webmaster xm.default-user.webmaster   no members of this group can edit the HST configuration and configure channels
admin xm.default-user.system-admin
xm.repository-browser.user
  no members of this group have all privileges
cms-admin xm.default-user.cms-admin   no members of this group have CMS administrative privileges
everybody   * yes every logged in user is automatically member of this group
Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?