Liferay 6 Organization and Permission Architecture

Document directory
  • User (users)
  • User Group
  • Role
  • Organization
  • Community
  • Team (teams)

Before you learn how to use the interfaces for adding and maintaining the various portal resources, it is best to understand a few Liferay portal concepts.

1. The portal is accessed by users.

2. Users can be added to user groups.

3. Users can belong to an organization.

4. Organizations can be arranged in a hierarchy, such as General Office > Regional Office > Affiliated Office.

5. Users, user groups, and organizations can belong to communities with common interests.

6. Within an organization or community, users can belong to a team created there for a specific purpose.

The simplest way to read the statements above is that portal users can be grouped in multiple ways. Some groupings follow an administrative organizational hierarchy. Others may be defined by the users themselves (for example, users from different organizations create a dog-lovers community because they share an interest in dogs). Still others are managed through roles, which are designed for functions that can be used across the portal (for example, a message board administrator role made up of users from multiple communities and organizations allows those users to manage message boards anywhere in the portal).

This way of organizing the portal can be illustrated as follows:

In the illustration, each arrow can be read as "can be a member of". This means that an organization can be a member of a community, a community can be a member of a role, and users can be members of anything. Although this seems complicated, it gives portal administrators a robust mechanism for configuring portal resources and security. Note that the illustration shows only users and their collections. Permissions cannot be associated with all of these collections; they can be assigned only to roles.

Teams exist inside individual organizations and communities. A team can be used only in the organization or community where it was created, and a role scoped to a community or organization can be used only within that community or organization. This means that although each organization and community in the portal has the role with its configured permissions, membership in the role is different in each community and organization.

User (users)

Users represent the physical users of the system: they are the accounts people use to log on. By default, each user gets a private community that they can manage, with public and private pages. Administrators can disable or lock this. The private space is nevertheless important: it lets users have their own public blog, private calendar, and personal document storage.

Users can be collected in multiple ways. They can be members of a layered organization, such as Liferay, which includes Security → Internet Security. They can belong to special user groups, such as a blog group, so that they can create blogs in their private space. They can also be members of communities built around a shared interest. Users can also hold roles that describe their functions in the system. These roles can be scoped to the portal, an organization, or a community.

User Group

A user group is a simple and exclusive set of users created by an administrator. User groups can be members of a community or a role. Permissions cannot be assigned to user groups. A user group does not have a page set like some other user collections (such as communities or organizations), but it does have page templates that can be used to customize users' private page sets. This will be described in detail later.

Role

Liferay has three types of roles:

  • Portal role
  • Organization role
  • Community role

These are called role scopes. A role defines permissions within its scope: across the portal, within an organization, or within a community. Take a role that is authorized to create message boards as an example. A portal role grants that access across the portal, no matter where in the portal the message board is. A community role grants users access only to message boards in that community. An organization role grants access only to message boards in a specific organizational unit.

Because roles are strictly used for portal security, they cannot own their own pages like communities and organizations.

Users, user groups, communities, and organizations can all be role members.
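A simplified model of the rules in this section, added here as an illustration and not taken from Liferay's code or API: permissions are attached only to roles, membership is followed transitively, and a scoped role counts only in the community or organization where it is held. All names and data (ROLES, MEMBER_OF, ASSIGNMENTS, the users and communities) are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    scope: str               # "portal", "organization" or "community"
    permissions: frozenset

# Constructed sample data; every name below is hypothetical.
ROLES = {
    "MB Administrator": Role("MB Administrator", "portal",
                             frozenset({"MANAGE_MESSAGE_BOARD"})),
    "MB Moderator": Role("MB Moderator", "community",
                         frozenset({"MANAGE_MESSAGE_BOARD"})),
}

# "can be a member of" edges between users and collections.
MEMBER_OF = {
    "user:bob": {"group:moderators"},
    "user:joe": {"org:new-jersey"},
    "org:new-jersey": {"community:dog-lovers"},
}

# (member, role, where): where is None for a portal role, otherwise the one
# community or organization in which the member holds the scoped role.
ASSIGNMENTS = [
    ("user:alice", "MB Administrator", None),
    ("group:moderators", "MB Moderator", "community:dog-lovers"),
    ("user:carol", "MB Moderator", "community:cat-lovers"),
]

def collections_of(principal):
    """The principal plus every collection it belongs to, transitively."""
    seen, stack = set(), [principal]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(MEMBER_OF.get(node, ()))
    return seen

def has_permission(user, action, location):
    """True if a role held by the user, directly or through a collection,
    grants the action at the given community or organization."""
    holders = collections_of(user)
    for member, role_name, where in ASSIGNMENTS:
        role = ROLES[role_name]
        if member not in holders or action not in role.permissions:
            continue
        if role.scope == "portal" or where == location:
            return True
    return False
```

In this model, joe reaches the dog-lovers community through his organization but holds no role, so he gets no permission there, while the same MB Moderator role has different members in each community.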

Organization

An organization is a hierarchical collection of users. It is one of the two types of portal resources that can have pages. There is also a special type of organization called a location, which can be used to define where a user is located.

Organizations make it easy to define where users sit in a hierarchy. For example, if you implement a Liferay portal for a large enterprise, Joe Smith's position in the organizational structure can help define the user Joe Smith. If Joe Smith is a sales engineer in the New Jersey office and works in the sales department in the Northeast, he may be a member of the following organizations:

  • Sales
  • Northeast
  • New Jersey

Now, if a static portlet named Asset Publisher is placed on each user's home page (implemented through the user group page template), you can use the content management system to deliver announcements to employees. As long as the content is properly tagged, Joe Smith can be sure that he receives all sales-related announcements in the Northeast or New Jersey.

An organization can be a member of a community.

Community

A community is a collection of users with a common interest. Liferay's default pages are part of a community named after the portal, because both anonymous users and portal users need to access the site's default public pages. There are three different types of communities:

  • Open
  • Restricted
  • Hidden

An open community (the default) allows users to join or leave freely at any time, using the control panel or a Communities portlet added to a page they can access. In a restricted community, only community administrators can add users; users can request membership through the control panel or the Communities portlet. A hidden community is like a restricted community, except that it is not displayed in the control panel or the Communities portlet. Only a community administrator can add users to a hidden community.

Team (teams)

A team exists within an individual community or organization. A team is essentially a set of users that can be created in a community. Unlike organizations and communities, a team appears only in the organization or community where it was created. This is useful when you need a group of users for a special purpose in one community or organization, but do not need that group in every community or organization in the portal.

Teams are also essential in some scenarios because they can be created by community or organization administrators. Community and organization administrators cannot create roles, so teams let them manage permissions at a certain level, which was not possible before teams were available.
