Security Permissions Administration Guide

Security permissions restrict access to resources in the portal. Portal resources (folders, links, pages, portlets) can be secured with either:

  • Security Constraints (based on Jetspeed-specific security constraints)
  • Security Permissions (based on a Java Security Policy)

Constraints are the default because they are easier for a portal administrator to configure. The advantage of Permissions is that they are stored in a central repository in the Jetspeed database and adhere to the Java Security Standard. Both constraints and permissions are inherited: if you set a permission or constraint on a folder, it is inherited by all subfolders and pages. Permissions are an implementation of a Java Security Policy stored in a database.

A permission is granted to a security principal, which is one of:

  • a role
  • a group
  • a user
  • or * for all users

A permission defines the action, which can be one of the standard portlet modes:
  • view
  • edit
  • help
Or Jetspeed extended portlet modes:
  • edit_defaults
  • about
  • config
  • print
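
A simplified model of the rules above, added here as an illustration and not taken from Jetspeed: a grant on a folder applies to every subfolder and page beneath it, "*" matches all users, and grants are assumed to be additive. The Grant type, the function names and the sample paths are constructed for this example; it also shows a review check for "*" grants that carry a modifying action.

```python
from dataclasses import dataclass

# Assumption: these are the actions an administrator would want to review
# when they are granted to all users. The action names come from the guide.
MODIFYING_ACTIONS = {"edit", "edit_defaults", "config"}

@dataclass(frozen=True)
class Grant:
    resource: str         # folder or page path (constructed format)
    principal: str        # role, group or user name, or "*" for all users
    actions: frozenset    # permitted actions, e.g. {"view", "edit"}

def ancestors(path):
    """Yield the path itself, then each parent folder up to the root."""
    parts = [p for p in path.split("/") if p]
    for i in range(len(parts), -1, -1):
        yield "/" + "/".join(parts[:i])

def effective_actions(grants, path, principals):
    """Union of actions granted on the path or inherited from a parent folder.

    principals is the set of names held by the caller: the user name plus
    the names of the user's roles and groups.
    """
    chain = set(ancestors(path))
    allowed = set()
    for g in grants:
        if g.resource in chain and (g.principal == "*" or g.principal in principals):
            allowed |= g.actions
    return allowed

def broad_grants(grants):
    """Grants to "*" that include a modifying action: candidates for review."""
    return [g for g in grants if g.principal == "*" and g.actions & MODIFYING_ACTIONS]

# Constructed sample policy, not real portal data.
SAMPLE = [
    Grant("/", "*", frozenset({"view", "help"})),
    Grant("/finance", "accounting", frozenset({"view", "edit"})),
    Grant("/finance/reports.psml", "manager", frozenset({"print"})),
    Grant("/public", "*", frozenset({"view", "edit"})),
]

if __name__ == "__main__":
    page = "/finance/reports.psml"
    print(sorted(effective_actions(SAMPLE, page, {"accounting"})))
    for g in broad_grants(SAMPLE):
        print("review:", g.resource, sorted(g.actions))
```

Because every grant is inherited, a "*" grant placed high in the folder tree reaches every page below it, which is why the review check looks at the grant itself rather than at individual pages.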

Permission Management

Permission Management is located on the fourth tab from the left on the Jetspeed Administrative Portlets page. It contains one portlet, Security Permissions, which allows you to set permissions for a role on three different resource types: portlets, folders, and pages.

The Permissions User Interface

The UI of the Permissions portlet is divided into the following sections:

UI section Description
Resource type tabs

Select the resource type you want to define permissions for by clicking on the corresponding tab.

The resource types are:

  • Portlets
  • Folders
  • Pages

Permissions listing

The list of permissions defined for the selected resource type. Each permission displays the resource name, the permitted actions, and the roles to which this permission applies.

Permission form

This form allows you to edit the permission selected in the list, or create a new permission.

"Roles" displays a list of roles. Select the roles to which this permission applies by checking the corresponding checkboxes.

"Actions" displays a list of actions. Select the actions that the selected roles are permitted to perform on the selected resource by checking the corresponding checkboxes. Available actions are:

  • View
  • Edit
  • Help
  • About
  • Config
  • Edit Defaults
  • Print

Finally, in the top right corner of the form are four buttons to create a new permission, or to save, revert or delete the selected permission.

Editing a Permission

To edit a permission, select one in the permission listing. The permission settings will be loaded in the form. Select the roles this permission should apply to by checking the appropriate checkboxes. Check the actions that you want to permit by checking the appropriate checkboxes. Save the permission by clicking on the "Save" button. As long as you have not saved, you can revert your changes by clicking on the "Revert" button.

Deleting a permission

To delete a permission, select one in the permission listing, and then click on the "Delete" button.

Creating a New Permission

To create a new permission, click on the "New" button. The "Resource" text field will be enabled for editing; enter the resource name here. The new permission will show up immediately in the listing. Select the roles and actions as described above for editing an existing permission. Click on "Save" to store the permission. If you decide you do not want to create the new permission after all, click on "Delete" to remove it.

Permission Usage

A security definition is referenced by portal resources to secure that particular resource. The following resources can be secured:

  • Folder: in the folder metadata
  • Page: in a PSML file
  • Link: in a .link file
  • Portlet Window: one instance of a portlet on a page
  • Portlet Definition: all instances of a portlet on all pages
  • Portlet Application: all portlets in a portlet application

Securing a resource is as simple as defining a permission definition using the administrative portlet described above. You can do this from several areas of the portal:

  • The Site Manager, to secure a folder, page or link
  • Portlet Application Manager, to secure a Portlet Application or Portlet Definition
  • Config Mode, if available for a portlet, to secure a portlet instance

Additionally, portlets can be secured in the deployment descriptors. See the deployment guide for more details.