My question/inquiry relates to roles/permissions and how they relate to content visibility (in Content Explorer). In our dev Rhythmyx environment, I recently removed a number of non-technical users from the “admin” role (although they maintain status in other roles). As a result, I am now being told that they cannot see (all of the) content in the (right-hand) display pane of Content Explorer. With Content Explorer open, they can see the Sites tree structure on the left and can browse all the way down to specific folders. However, when they click said folders, they are not seeing any content/items displayed in the display window.
I have spent time examining the Rhythmyx Administration Manual…and while it discusses roles, no where does it make specific reference to roles and how they relate to content visibility. I was hoping someone could provide specific feedback on (or possible reasons) why the removal of the admin role would allow users to view the site/tree structure and folders, but prevent the visibility of content/items within those folders. Perhaps even more important, where and/or how are these security settings specified (via the Workbench? Administrator console? in Content Explorer?).
Thanks and I look forward to any responses.
Out of the box, the Admin role is very powerful, allowing access to items that don’t belong to the user’s community. View the properties of the non-visible items to see what community they belong to – maybe it’s a “YourSite_Admin” community (a type of community which we no longer use), like the FF Enterprise_Investments_Admin, which these non-admins don’t belong to. I always change the Folder Community in Content Explorer (right-click > Properties) to be visible only to that site community.
Thomas,
In Rhythmyx, two factors determine object visibility:
[ul]
[li]Community
[/li][li]Workflow State
[/li][/ul]
All Content Items exist in the Community in which they were created. Only users logged in to that Community can see Content Items in that Community.
Each Content Item exists in a Workflow State. Only users in Roles with access rights in the Workflow State can see Content Items in that State, and the level of access is defined in the Role Assignment to the State. Members of a Role with Read access can see and open the Content Item, but cannot modify it or Transition it (a Transition is treated as a modification to the Content Item). Members of a Role with Write access can modify the Content Item (edit it and Transition it). This information is maintained in the Workflow tab of Content Explorer. See the Help from this tab for more details.
Final access is determined by the intersection of these access privileges. A user must be in the Community of the Content Item and in a Role that has access rights in its current State.
Since these users could see the Content Items before, they were in the right Community. When you removed these users from the Admin Role, what Role (or Roles) did you assign them to? What are the rights of these Roles in the current Workflow State of the Content Item?
RLJII
A little bit of clarification:
While Community does control the visibility of a number of object types in Rhythmyx, such as Templates, Action Menu Entries, and even Content Types (for creating new Content Items), it does not control the visibility of individual Content Items (once they have been created).
Users can see Content Items in a different Community, but they can only act on (Check Out, edit, or Transition) Content Items in the Community they are currently logged in to.
RLJII
Thanks RLJII, your detailed post yesterday led me in the right direction and I was able to get things resolved. Turns out I needed to grant the other role “read” access to each workflow state. Much thanks!
Tom