Configuring Domain Access
- Controller functions that manipulate globally relevant objects typically require (at least) WRITE privileges for the affected domain class.
- Domains with READ access will be shown in the Search dropdown.
- Domains with CREATE access will be shown in the Create dropdown.
- Search results and the display of single resources require READ access.
- TagLib functions generally check for WRITE privileges.
- In some places hyperlinks will be displayed differently based on access (e.g. a field on an object with a linked User might be shown as plain text, a link to the User resource (READ on User), or a dropdown (WRITE on object + READ on User)).
GOKb uses Spring Security ACL to secure access on a per-domain-class basis. Access to each domain is bound to a KBDomainInfo object. These objects are created the first time the application starts.
By default, GOKb does not grant any permissions to User Roles. To start with a default selection of permissions, run the admin function setupAcl as a User with ROLE_SUPERUSER.
By default, any user with ROLE_SUPERUSER (such as the default admin account) can see all domain classes that have a display template in their Search dropdown. Selecting Domains gives an overview of all KBDomainInfo objects. The display template shows general settings, such as the sort order for the domain, as well as a matrix of the role permissions for the selected domain class. Here, permissions can be granted or revoked on a per-role basis. Permissions can also be edited via the Security UI, although this is a lot less convenient than using the matrix. New permissions can be generated at /aclEntry/create.
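The access rules listed above can be checked against a role/permission matrix before it is applied. The following is an added example, not GOKb code: it models grants as exact (role, domain, permission) entries, which is how Spring Security ACL matches permissions by default (assumed unchanged here), and the role names other than ROLE_SUPERUSER, the `Package` domain and all function names are hypothetical.

```python
# Spring Security ACL BasePermission masks; each grant is its own ACL entry,
# so WRITE does not imply READ and an absent entry means "denied".
READ, WRITE, CREATE = 1, 2, 4

# Constructed sample grants: (role, domain class, permission).
# Role names and the "Package" domain are placeholders for illustration.
ACL_ENTRIES = {
    ("ROLE_EDITOR", "Package", READ),
    ("ROLE_EDITOR", "Package", WRITE),
    ("ROLE_EDITOR", "Package", CREATE),
    ("ROLE_EDITOR", "User", READ),
    ("ROLE_CONTRIBUTOR", "Package", READ),
    ("ROLE_CONTRIBUTOR", "Package", WRITE),
    ("ROLE_USER", "Package", READ),
    ("ROLE_USER", "User", READ),
}


def granted(roles, domain, permission, entries=ACL_ENTRIES):
    """Default deny: true only if one of the held roles has exactly this grant."""
    return any((role, domain, permission) in entries for role in roles)


def menus(roles, entries=ACL_ENTRIES):
    """Domains offered in the Search (READ) and Create (CREATE) dropdowns.

    Alphabetical order is a simplification; the page configures Sort Order.
    """
    domains = sorted({domain for _, domain, _ in entries})
    return {
        "search": [d for d in domains if granted(roles, d, READ, entries)],
        "create": [d for d in domains if granted(roles, d, CREATE, entries)],
    }


def render_user_field(roles, owner_domain, entries=ACL_ENTRIES):
    """How a field holding a linked User is shown on an object of owner_domain."""
    can_read_user = granted(roles, "User", READ, entries)
    if can_read_user and granted(roles, owner_domain, WRITE, entries):
        return "dropdown"  # WRITE on object + READ on User
    if can_read_user:
        return "link"      # READ on User only
    return "text"          # no READ on User: plain text


if __name__ == "__main__":
    for role in ("ROLE_EDITOR", "ROLE_CONTRIBUTOR", "ROLE_USER", "ROLE_NEW"):
        print(role, menus([role]), render_user_field([role], "Package"))
```

A role with WRITE but no READ on a domain, or WRITE on an object without READ on User, shows up here as an empty Search entry or a plain-text field, which makes gaps in the matrix visible before users report them.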
In the same overview, the sorting and grouping of navigation menu items can be configured. In the head of each domain view, a group can be allocated via Type/Category and an order can be determined via Sort Order. New groups can be added in the Refdata Category DCType. In the navigation menu, groups are separated via horizontal lines.