Configuring the Users and Groups

Documentation for CQ 5.2 WCM
Prev		Next

PDF doc | Archives | Javadoc | CQ 5.1 WCM doc

> > >

Configuring the Users and Groups

Contents

Accessing User Administration with the Security Console
Filtering Users and Groups
Hiding Users and Groups
Creating Users and Groups
Deleting Users and Groups
Modifying User and Group Properties
Changing a User Password
Groups - adding a User or Group to a Group
Members - adding Users or Groups to a Group
Setting Page Permissions
Setting Replication Privileges
Setting Privileges
Impersonating Users
Setting User and Group Preferences

Users include people using the system and foreign systems making requests to the system.

A group is a set of users.

Both can be configured using the User Administration functionality within the Security Console.

Accessing User Administration with the Security Console

You access all users, groups, and associated permissions using the Security console. All the procedures described in this section are performed in this window.

To access CQ WCM security, do one of the following:

From the welcome screen, or various locations in CQ WCM, click the security icon.

Navigate directly to http://localhost:<port>/libs/security/content/admin.html. Be sure you log in to CQ WCM as an administrator.

The following window displays:

The left tree lists all the users and groups currently in the system, You can select the columns you want displayed, sort the contents of the columns and even change the order in which the columns are displayed by dragging the column-header to a new position.

The tabs provide access to various configurations:

Table 10. Security Console

Tab	Description
Filter box	A mechanism for filtering the users and/or groups listed. See the section called “Filtering Users and Groups”.
Hide Users	A toggle switch which will hide all users listed, leaving only groups. See the section called “Hiding Users and Groups”.
Hide Groups	A toggle switch which will hide all groups listed, leaving only users. See the section called “Hiding Users and Groups”.
Edit	A menu allowing you to create and delete users or groups. See the section called “Creating Users and Groups” and the section called “Deleting Users and Groups”.
Properties	Lists information about the user or group that can include email information, a description, and name information. Also allows you to change a user's password. See the section called “Creating Users and Groups”, the section called “Modifying User and Group Properties” and the section called “Changing a User Password”.
Groups	Lists all groups that the selected user or group belongs to. You can assign the selected user or groups to additional groups, or remove them from groups. See the section called “Groups - adding a User or Group to a Group”.
Members	Available for groups only. Lists the members of a particular group. See the section called “Members - adding Users or Groups to a Group”.
Page Permissions	Lets you control the permissions related to particular pages. You can allocate permissions to a user or group. See the section called “Setting Page Permissions”.
Replication Privilege	Replication privileges allow the user to replicate content to another environment (usually from author to publish). You grant replication privileges according to a path. Privileges can be allocated to a user or group. See the section called “Setting Replication Privileges”.
Privileges	Lets you allocate privileges, such as hierarchy modification, which gives the ability to create and delete pages. See the section called “Setting Privileges”.
Impersonators	Lets another user impersonate the account. Useful when you need a user to act on behalf of another user. See the section called “Setting User and Group Preferences”.
Preferences	Sets preferences for the group or user. For example, language preferences. See the section called “Impersonating Users”.

Filtering Users and Groups

You can filter the list by entering a filter expression, which hides all the users and groups that do not match the expression. You can also hide users and groups by using the Hide User and Hide Group buttons. See the section called “Hiding Users and Groups”.

To filter users or groups:

In the left tree list, type your filter expression in the space provided. For example, entering min displays all users and groups containing this string.
Click the magnifying glass to filter the list.
Click the x when you want to remove all filters.

Hiding Users and Groups

Hiding users or groups is another way to filter the list of all users and groups in a system. There are two toggle mechanisms. Clicking Hide User hides all users from view and clicking Hide Groups hides all groups from view (you cannot hide both users and groups at the same time). To filter the list by using a filter expression, see Filtering users and groups.

To hide users and groups:

In the security window, click Hide Users or Hide Groups.
To make either users and/or groups reappear, click the corresponding button again.

Creating Users and Groups

To create a new user or group:

In the Security window tree list, click Edit and then either Create User or Create Group.
Enter the required details, according to whether you are creating a user or a group.
1. If you select Create User, you enter the Login ID, first and last name, email address and a password.
2. If you select Create Group, you enter a group ID and an optional description.
Click Create. The user or group you created appears in the tree list.

Deleting Users and Groups

To delete a user or group:

In the Security window, select the user or group you want to delete. If you want to delete multiple items, Shift+click or Control+click to select them.
Click Edit, then select Delete. CQ WCM asks whether you want to delete the user or group.
Click OK to confirm or Cancel to cancel your action.

Modifying User and Group Properties

To modify user and group properties:

In the Security window, double-click the user or group name you want to modify.
Click the Properties tab, make the required changes and click OK.

Changing a User Password

To modify a user's password:

In the Security window, double-click the user name you want to change the password for.
Click the Properties tab (if not already active).
Click Set Password, a new dialog will open where you can enter the new password:
Enter the new password twice; as they are not displayed in clear text this is for confirmation - if they do not match, the system will show an error.
Click Set to activate the new password for the account.

Groups - adding a User or Group to a Group

The Groups tab shows you which groups the current account belongs to. You can use it to add the selected account to a group:

Double-click the name of the account (user or group) that you want to assign to a group.
Click the Groups tab. Now you will see a list of groups that the account already belongs to.
In the tree list, click the name of the group you want to add to the account to and drag it to the Groups pane. (If you want to add multiple users, Shift+click or Control+click those names and drag them.)

Members - adding Users or Groups to a Group

The Members tab only works for groups and shows you which users and or groups belong to the current group. You can used it to add accounts to a group:

Double-click the name of the group you want to add members to.
Click the Members tab. Now you will see which users and/or groups already belong to this group.
In the tree list, click the name of the user you want to add to the group and drag it to the Members pane. (If you want to add multiple users, Shift+click or Control+click those names and drag them.)
After you have added all the users to your group, click Save.

Setting Page Permissions

To add, modify or delete page permissions, which enables you to allow or deny the right to perform actions on specific resources:

Double-click the name of the user or group you want to add page permissions to.
Click the Page Permissions tab. The tree map will open.
Select the page you want to add permissions for (or modify, or delete):
Double-click the permission state that you want to change. A drop down list will show the possible states. See the section called “Permissions”.
Change as required and click Save.

Setting Replication Privileges

Replication privilege is the right to publish content, and it can be set for groups and users.

To set replication rights:

Select the user or group from the list, double-click to open, and click Replication Privilege.
Click Add. CQ WCM opens a tree list of the site.
Navigate to the page you want to give the user or group replication privileges to and double-click for it to be selected and listed in the main pane.
The red corner indicates that the item listed has not been saved yet.
The Authorizable column shows through which user or group the permissions are being applied.
Click Save to save your changes.

	Note
	Any replication rights applied to a group apply to all the users in that group. A user's replication privileges supersedes a group's replication privileges. The Allow replication rights have a higher precedence than the Deny replication rights. See the section called “Access Control Lists and how they are evaluated” for more information.

Setting Privileges

Privileges are used to assign access to the functionality within the application.

Standard privileges included in the installation of CQ WCM are for modifying the hierarchy; in other words, creating or deleting pages.

	Note
	The list of privileges available may be extended for your project.

Select the user or group from the list, double-click to open, and click Privileges.
The privileges available will be shown. Select Grant or Deny as required.
Click Save to save your changes.

Impersonating Users

You can specify one or more users that are allowed to impersonate the current user. This means they can switch their account settings to those of the current user and act on behalf of this user.

	Note
	Use this function with caution as it may allow users to perform actions that their own user cannot. When impersonating a user, users are notified that they are not logged in as themselves.

There are various scenarios when you may want to use this functionality, including:

If you are out of the office, you can let another person impersonate you while you are away. By using this feature, you can make sure that somebody has your access rights and you do not need to modify a user profile or give out your password.
You can use it for debugging purposes. For example, to see how the Web site looks for a user with restricted access rights. Also, if a user complains about technical problems, you can impersonate that user to diagnose and fix the problem.

To impersonate an existing user:

In the tree list, select the name of the person who you want to assign other users to impersonate. Double-click to open.
Click the Impersonate tab.
Click the user you want to be able to impersonate the selected user. Drag the user (who will impersonate) from the list to the Impersonate pane. The name appears in the list.
Click Save.

Setting User and Group Preferences

To set user and group preferences:

Select the user or group whose preferences you want to change in the left-hand tree. To select multiple users or groups, Ctrl+click or Shift+click your selections.
Click the Preferences tab.
Make changes, as necessary to the group or user preferences and click Save when finished.

Prev	Up	Next
Authorization for CQ WCM - The Concepts	Home	Working with Workflows