In CMS Fiona, administrative tasks can only be performed if the
user concerned has the corresponding global permission. For example, to
modify the runtime configuration (fields, file formats, workflows, channels)
of the CMS, permissionGlobalRTCEdit
is required.
If you are using an external directory service (LDAP, ADS) instead of the user manager built into Fiona, you can grant permissions to users by adding the users to a user group whose name follows a convention. After making this convention known to the CMS, the CMS will query the group corresponding to the permission in question for membership of the user who requires this permission.
First, create in the external user manager a user group for each
permission you require. The group name must correspond to the permission
name, optionally extendey by a prefix or a suffix or both. An example using
admins_
as a prefix:
admins_permissionGlobalRoot admins_permissionGlobalRTCEdit admins_permissionGlobalMirrorHandling
Make this naming convention known to the CMS by specifying it in the
cmsInstallDir/instance/instanceName/config/um_external.xml
file:
<globalPermissionResolver> <name>group</name> <properties> <groupNameFormat>admins_%s</groupNameFormat> </properties> </globalPermissionResolver>
The groupNameFormat
element contains the format
of the group name used for global permissions. %s
stands for the name of the global permission.
Grant the permissions to the users by adding the users to the corresponding user group. Repeat this step until all permissions are granted as desired.
Now restart the CM.
If there is no need to distinguish between individual permissions, i.e. if
you are granting either none or all of them, it is sufficient to create only
one user group in the directory service and specify the name of this group in
the groupNameFormat
element in the configuration above.