XperienCentral has a flexible component for maintaining backend users (casual users, editors, developers, and application managers) and their privileges. The authorizations are assigned at the role level (type of responsibility). The roles determine which websites (or parts thereof) a user may maintain, which functionalities may be used, and which content elements the user may work with.
Using personalizations, you can select which content is available for which users. Personalization can be set at the page, page section, content element, form and Content Repository level. Visitors' data can also be displayed on a content item.
Maintaining data in the profile and recording the visitor's behavior allows offering information targeted for that visitor. Once a visitor's area(s) of interest are identified, you can display content that is targeted toward their interests. This also provides the website visitor with a better experience.
To access the Authorization panel, navigate to Configuration > Authorization.
...
Components
The authorizations within XperienCentral are divided into two types:
- Users of the Workspace — XperienCentral backend users such as editors, application managers, and developers, and their privileges to configure settings and define pages. These users belong to one or more roles.
- Registered website visitors — You can control which content visitors to an XperienCentral website (frontend) have permission to view. In XperienCentral, these visitors are referred to as web users. Web users belong to web groups. Permissions for web users are enforced at the web group level. For complete information on web users, see User Profiles.
In the Workspace environment, authorization management has been further divided into the following components:
- Authorization - Users — This component manages users of the Workspace and their privileges. The authorizations are assigned at the role level and determine which operations a user may perform in the various parts of XperienCentral. XperienCentral comes with a standard set of users, roles and permissions.
- Authorization - Roles & Permissions — This component enables administrators to modify the basic set of users, roles and permissions. The administrator can create and maintain users, create and maintain roles and assign permissions to roles.
Another related functionality is Workflow. Workflows control the allowed transition from one state to another for content items before they are allowed to be published on the web. The website administrator defines these states and configures their behavior. The states are then linked to user roles, which gives actual shape to the workflow. This XperienCentral functionality is based on the standards defined by the Workflow Management Coalition (WfMC).
...
Role Based Access Control (RBAC)
...
Roles and permissions
Role Based Access Control (RBAC) avoids the need to assign permissions to each user individually. Instead, permissions are assigned to roles. A role is a functional or organizational job description in which users sharing the same role share the same tasks. These roles then are assigned to users. The permissions of a role determine which operations a user may perform. RBAC is considerably less labor intensive than assigning permissions to each user individually. A user may have more than one role. An example of a permission is "Edit pages", which grants the permission to modify a page.
In the example above:
- User "John" has the role "Casual user" and therefore has permission to edit pages and maintain forms.
- User "Paula" has the role "Editor" and therefore additionally has permission to delete pages and maintain form models. Permission assignments may overlap one another, which is the case here for maintaining forms.
XperienCentral comes with a default set of roles and permissions, see Standard Authorization Data for more information.
Permission groups
Nevertheless, defining the proper permissions for each role can be quite laborious. For this reason, permission groups were introduced. A permission group is a default set of permissions that can be assigned to a role all at once. Assigning a permission group to a role implicitly assigns all permissions contained in that permission group to the role.
In the example above, role A has permissions b, c, e, f, g and i for the following reasons:
- Permission b and c through permission group A.
- Permission e, f and g through permission group B.
- Permission i through direct assignment.
XperienCentral comes with a standard set of permission groups, see Default Authorizations for more information.
Permission inheritance
Permissions can be assigned in two ways: directly and by means of permission groups. To make things even more flexible, a third way has been introduced: permission inheritance.
With permission inheritance, one role is assigned to another role as its parent, and the child role inherits all permissions from its parent role, irrespective of how these permissions have been assigned to the parent role.
In the example above, role B inherits all permissions from role A. So, referring to the example above, role B has the following permissions:
- Permissions b, c, e, f, g and i through inheritance.
- Permission d through direct assignment.
...
...
XperienCentral comes standard with the users, roles and permission groups listed below.
...
Developers are treated differently than all other users. Unlike all other users, developers are able to:
- View other users with developer permissions.
- Assign the permission group "Developer permissions" to roles.
- Assign the role "Developer" to users.
- Directly assign to roles: permissions of the category "Developer tools".
Basic set of permission groups by category
XperienCentral comes with five standard permission groups. In the "Roles" tab of the Authorization panel you can see which permissions each role has or can be assigned.
...
Maintaining Roles
Selecting and Viewing a Role
To select and view a role:
- Navigate to Configuration > Authorization and then click the [Roles] tab.
- Select the desired role from the drop-down list next to "Select a role".
- Click the [Details] tab to view the details for the role.
- Click the [Permissions] tab to view the permissions for the role.
...
To create a role:
- Navigate to Configuration > Authorization and then click the [Roles] tab and then the [Details] tab.
- Click [Create new role] in the "Role Selection" section.
- Enter a name for the new role in the "Role name" text field and then click [Apply].
- Define the other properties for the role.
...
To make a role available to all web initiatives in a XperienCentral installation:
- Select the desired role on the [Roles] - [Details] tab.
- Select "Available on all Channels".
- Click [Apply].
...
A role may have one or more users and a user may have one or more roles. You can assign users and roles to one another in two ways:
- From the user point of view, see Assigning a Role to a User.
- From the role point of view.
To assign a user to a role:
- Select the desired role from the [Roles] - [Details] tab.
- Select the desired user from the "Add user" drop-down list. The user is added to the list.
...
You can also separate users and roles from one another in two ways:
- From the user point of view, see Removing a Role from a User.
- From the role point of view.
To remove a user from a role:
- Select the desired role from the [Roles] - [Details] tab.
- In the list "Users assigned to this role", select the "Delete" checkbox next to the user to be removed.
- Click [Apply]. The user is removed from the list.
Assigning Permissions to a Role
The actual permissions a role gets are determined by the following:
- The permissions it inherits from another selected role.
- The permissions it gets from the assigned permission groups.
- The permissions that have been added directly to the role.
Inherited permissions and group permissions may overlap one another.
To assign permissions to a role:
- Select the desired role from the [Roles] - [Details] tab.
- To select the role to inherit from: select a role from the "Inherits all permissions from" drop-down list.
- To add a permission group: select a permission group from the "Add permission group" drop-down list. The permission group is added on top of the drop-down box.
- To assign a permission directly: select the [Permissions] tab and select the desired permission(s).
- Click [Apply].
Removing Permissions from a Role
To remove permissions from a role:
- Select the desired role from the [Roles] - [Details] tab.
- To remove all inherited permissions: select "Select a role" from the "Inherits all permissions from" drop-down list.
- To remove a permission group: in the "Permission groups" section, select the "Delete" checkbox next to the permission group you want to remove. A pop-up message prompts you to copy the group permissions to the role directly. When you click [OK], the selected permission group is unassigned from the current role and all permissions from the unassigned group are assigned directly to the current role. If you click [Cancel], the permission group is unassigned from the current role and the role loses all permissions from the unassigned group.
- To remove directly-added permissions: select the [Permissions] tab and clear the permissions to be removed.
- Click [Apply].
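The resolution rules from the sections on permission groups, permission inheritance and removing a permission group, as an added Python example (a toy model, not XperienCentral code). The `Role` class, the function names, the group contents and the cycle guard are assumptions built from the page's role A / role B example; the model also records where each permission comes from, which is what a permission review needs.

```python
# Added example: toy model of role permission resolution (not XperienCentral code).
from dataclasses import dataclass, field

# Constructed data mirroring the page's example; the group contents are assumed.
PERMISSION_GROUPS = {"A": {"b", "c"}, "B": {"e", "f", "g"}}


@dataclass
class Role:
    name: str
    direct: set = field(default_factory=set)   # directly assigned permissions
    groups: set = field(default_factory=set)   # names of assigned permission groups
    parent: "Role | None" = None               # "Inherits all permissions from"


def effective(role, _seen=None):
    """Map each effective permission to the set of sources that grant it."""
    seen = _seen or set()
    if role.name in seen:  # assumption of this model: reject inheritance loops
        raise ValueError(f"inheritance cycle at role {role.name}")
    seen = seen | {role.name}
    sources = {}
    for perm in role.direct:
        sources.setdefault(perm, set()).add("direct")
    for group in role.groups:
        for perm in PERMISSION_GROUPS[group]:
            sources.setdefault(perm, set()).add(f"group:{group}")
    if role.parent is not None:
        for perm in effective(role.parent, seen):
            sources.setdefault(perm, set()).add(f"inherited:{role.parent.name}")
    return sources


def remove_group(role, group, copy_to_role):
    """Unassign a group; copy_to_role=True models [OK], False models [Cancel]."""
    role.groups.discard(group)
    if copy_to_role:
        role.direct |= PERMISSION_GROUPS[group]


def build_example():
    """Role A (groups A and B, direct i) and role B (inherits A, direct d)."""
    role_a = Role("A", direct={"i"}, groups={"A", "B"})
    role_b = Role("B", direct={"d"}, parent=role_a)
    return role_a, role_b


if __name__ == "__main__":
    for role in build_example():
        for perm, src in sorted(effective(role).items()):
            print(role.name, perm, sorted(src))
```

After [OK], permissions e, f and g remain on role A as direct assignments and role B still inherits them, so revoking them later means clearing them on the [Permissions] tab.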
...
To delete a role:
- Select the role to be deleted from the [Roles] - [Details] tab.
- Click [Delete role]. The role is removed from the "Select a role" drop-down list.
...
To find and view a user:
- Navigate to Configuration > Authorization and click the [Users] tab.
- To show a list of users:
- Click "All users" to see the full list.
- Click on a letter range to get a partial list of login names.
- Click on the arrow in the "Login" column to toggle between alphabetical sorting in ascending (A-Z) and descending (Z-A) order.
- To view the details for a user: click on the desired user in the list. The user details appear below the user.
...
Maintaining Users
Creating a User
To create a new user:
...
- Is at least 8 characters long.
- Is significantly different than the previous passwords used by this user.
- Contains a mix of uppercase and lowercase letters.
- No string of letters spells out a word that appears in the dictionary of the language of the user.
- Contains one or more numbers, but the numbers do not represent anything associated with the user such as their birthdate, age, house address, and so forth.
- Contains one or more special characters. A special character is anything that is not a letter or a number or a space.
- Does not contain any string of letters that spell the user's first or last name, their company name, their job description, their nickname, or any other word that could be associated with them personally.
...
Note |
---|
For security reasons, if you create/modify a user's password, the first time that they log in to XperienCentral after the change, they must change their password. The only exception to this rule is when you change your own password. |
...
Note |
---|
This option is only available if the option enable_backend_container_filter in the "website_settings" section of the General tab of the XperienCentral Setup Tool is selected. |
...
Modifying a User
To modify a user's details, follow these steps:
- Select the desired user by navigating to Configuration > Authorization and then click the [Users] tab.
- Modify the user's details.
- Click [Apply].
Note |
---|
For security reasons, if you modify a user's password, the first time that they log in to XperienCentral after the change, they must change their password. The only exception to this rule is when you change your own password. |
...
In order to have access to XperienCentral, every user must have at least one role. You can assign users and roles to one another in two ways:
- From the role point of view, see Assigning a User to a Role.
- From the user point of view.
To assign a role to a user:
- Select the desired user by navigating to Configuration > Authorization and then click the [Users] tab.
- Select the desired role from the "Add role" drop-down list. The role is added to the list.
...
You can separate roles and users from one another in two ways:
- From the role point of view, see Removing a User from a Role.
- From the user point of view.
To remove a role from a user:
- Display the desired user by navigating to Configuration > Authorization and then clicking the [Users] tab.
- In the "Assigned roles" list, select the "Delete" checkbox of the role that is to be removed.
- Click [Apply]. The role is removed from the list.
...
To delete a user:
- View the user that is to be deleted by navigating to Configuration > Authorization and then clicking the [Users] tab.
- Do one of the following:
- In the list of users, select the "Delete" checkbox next to the user that is to be removed. Click [Apply].
- In the "User details" section, click [Delete user].
...
To allow users of another website (web initiative) to access this website, their user data can be imported. Imported users maintain the same user name and password. Different websites, however, can have different permissions assigned to their roles.
To import users:
- Navigate to Configuration > Authorization and then click the [Import] tab.
- Select the website to import users from.
- Check the users to be imported to your current site and click [Apply].
Generating an Application Key for a User
...
Overview
Personalizing content makes the following possible:
- User registration with advanced filters/preferences in a personal profile that are maintained with a login name and password.
- Showing specific content that fits a user's profile.
- Making page parts conditional by, for example, showing an image or a paragraph only if the visitor is logged in.
- Blocking specific pages for certain visitors.
- Showing information from the session on the website (e.g., Welcome <username>).
- Partially completing forms by inserting known data.
- Storing personal information on the server.
- Generating forums and community discussions based on the user's profile.
- E-mailing newsletters based on the user's profile.
The personalization function does not necessarily require visitors to log in; however, this can have an effect on the content that is available to them. For example, on an airline website, all users can search for flight information, but in order to book a flight, they must be logged in.
To personalize content, you must perform the following steps:
- Create the XSLT expressions that trigger personalized content.
- Personalize the content elements to show the targeted content.
- Personalize one or more content items.
- Test the personalizations.
An Editor can add personalization quickly and easily while editing a content item in the Editor. For complete information about personalizing content, see Personalizations.
...
Creating XSLT Expressions
XSLT expressions define the conditions in which specific content is shown to a website visitor as part of a personalization. To create an XSLT expression, follow these steps:
- Navigate to Configuration > Personalize.
- Click the "XSLT Expressions" tab.
- Select <New expression> from the "Select" menu.
Define the following properties:
Property | Description |
---|---|
Category | The category (if any) to which this expression belongs. |
Available | Specifies whether this expression is available for use. |
Type | The options are: Condition: XPATH expression that generates 'true'; Choose: the same as 'Condition' but with a redirect to another page if the expression generates 'false' (the login page is the default); Select: an XPATH expression that retrieves information from an XML structure; XSL: an XSL template, for all other options. |
Show links | Selecting 'Yes' displays a protected page on the menu. For users with insufficient rights, this has no effect. The visitor will be redirected to the login page and will be able to access the desired page if he or she logs in. |
XSLT | XSLT code (for type 'XSL') or XPATH expression (for other types). Examples are listed below the table. |
Assigned to | If this expression is used in one or more presentation models, the models are listed here. |
Test XSLT | Tests the XSLT code to ensure that it is correct. |
Examples:
Condition
/root/system/user/sex = '1'
(Verify that the visitor is male.)
Choose
count(/root/system/user/username) > 0 and (/root/system/user/username) = 'administrator'
(First, verify that the 'username' tag exists and then that the user is the administrator.)
Select
/root/system/user/firstname
(Retrieve the first name.)
XSL
<xsl:value-of select="/root/system/user/firstname"/>
<xsl:text > </xsl:text>
<xsl:value-of select="/root/system/user/lastname"/>
(Retrieve first name + space + last name.)
...
Combining Expressions in Personalizations
Combinations of expressions can be created. You can specify whether the combination should be complete (with an AND operator) or if at least one of the expressions should conform (with an OR operator). A test is done to determine whether the total XSLT expression's syntax is correct.
Define the following properties:
Property | Description |
---|---|
Name | The name of the model. |
Category | Specifies the category, if any, to which this personalization belongs. |
Available | Specifies whether this personalization is available for use. |
Operator | The operator to use. The options are AND and OR. |
Use NOT operator | Surrounds the entire expression with a NOT operator. |
Show links | Selecting 'Yes' displays a protected page on the menu. For users with insufficient rights, this has no effect. The visitor will be redirected to the login page and will be able to access the desired page if he or she logs in. |
Assigned expression | Displays the expression assigned to this personalization model. |
Total expression | The XSLT code of the combined expression. |
Test XSLT | Tests the XSLT code to ensure that it is correct. |
...
Usage
The Usage tab shows which XSLT expressions and personalization models are assigned to pages and page sections. The on the page that the expression or model is assigned also appears. When you click a page title in the list, XperienCentral navigates to that page or page section in the Editor.
...
Categories
On the Categories tab you can create categories to which you can assign personalizations and expressions. This makes it easier to organize your personalizations and expressions into groups.