Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCU-149

How to protect a public instance from unauthorized activation

    XMLWordPrintable

Details

    • Task
    • Resolution: Fixed
    • Neutral
    • None
    • None
    • content
    • None

    Description

      Write a best practice for preventing unauthorized content activation to public instance. The default Magnolia way to solve this is with an activation workflow. Permissions to activate and approve content are granted to distinct groups of users - typically editors can activate and publishers can approve.

      This is already explained somewhat in Workflow and inbox access but the question keeps coming up in RFPs often enough that we should write a dedicated answer. You can revise the existing article, new page not necessary.

      Points to cover:

      • Activation workflow. Can have multiple: website, dms etc.
      • Organizing responsibilities through groups and roles. Talk about the default roles since they work fine to solve this issue.
      • How to grant/restrict access to Activate command
      • How to grant/restrict access to workitems in inbox
      • How to grant/restrict access to Approve command

      Checklists

        Acceptance criteria

        Attachments

          Activity

            People

              ahietala Antti Hietala
              ahietala Antti Hietala
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Checklists

                  Task DoR