1. Setting the access at the JCR root level
a. Inside JCR, WCM libraries are organized in a hierarchy with a common root. The security roles set on the content library root are propagated to all libraries.
b. By default, only administrators have access to work with Web content libraries. To allow other users to work with Web content libraries, such as virtual portal administrators, you have to assign them access to the JCR content root nod
2. There are three levels of access controls for web content .
a. Library : Library level access controls determine access to the library as a whole.
i. If granted, it provides an entry point to the library
ii. To render WCM objects in Rendering Portlet/Servlet, a user must be granted at least the User role on the library itself
iii. To access WCM objects in Authoring Portlet, a user must granted at least contributor access to a library
b. Item type per library : Item Type access controls define the item type views and tasks a user can access within the authoring portlet for particular library.
i. The permissions set for item types in a library do not automatically give you access to individual items. They only give you access to specific tasks and views within the authoring portlet . For example, a Manager to the Components type has access to the Purge and Unlock actions but, if that user does not also have Manager access to an individual component then the Purge and Unlock actions will not be enabled when that component is selected
ii. In production, not all user groups need to access every WCM feature. Like content authors doesn’t require “authoring templates” or “workflow” views..etc. By setting permissions at the item types we can accomplish use cases like that.
c. Item level : Item level access controls define the actions that a user can perform on an individual item.
i. library security is propagated by default to the library items. However, it is possible to override those permissions at the item level.
ii. Item level security management depends on whether the item has a workflow or not
1. Administrator defined security settings are provided for every item
2. If the item has a workflow, effective security settings are the combination of inheritance, administrator, and current workflow stage security settings
3. If the item does not have a workflow, effective security settings are the combination of inheritance, administrator, and user security
iii. Five different access levels (user, contributor, editor , manager and Approver) can be granted to every WCM item (Approver is only for the items that participate in workflow).
iv. Workflow settings depend on the current workflow stage and cannot be edited