Liferay is huge web portal consists of many things which make ready to use web application in real time. In the theoretical way liferay consist of following building blocks which will run the entire liferay portal.
- Users Group
- Roles and Teams
Liferay have concept called site, in general site is like website which consist of pages, web content , users and some dynamic functionality, we can say sites are used to organize pages, content, application data.
In general business scenario we will display our information through website in the internet and we will use some html or some other web application technology to achieve it ,similar way liferay have site feature so that we can create site and we can show our content to end users.
To make this liferay have different artifacts like pages, web content and some dynamic applications called portlet, all together will make website or site.
For each site we have different stake holders or end users to access the site, in the same way liferay have users and we can assign users to particular site so that they will surf around the web site.
In the site we will have site pages and each page have certain layout and each page consist of some static content and dynamic content.
In liferay we will use Web content management system to design content for site and we will use portlet application to meet dynamic functionality. We will learn more about WCM and Portlets in the future articles. In site any one can be members like users, organizations and user groups.
Sites have parent child relation so that the content will be sharable to child sites its bases on some configuration and these are handled by portal properties.
In the site we can categorize into following ways
Users can become members of the site at any time any use can register and join in this website.
Users can request site membership but site administrators must approve requests in order for users to become members. Requests can be made from the My Sites portlet.
Users are not allowed to join the site or request site membership. Private sites don’t appear in the My Sites portlet. Site administrators can still manually select users and assign them as site members.
Site has following capabilities
- Membership management
- Content Management
- Document Management
- Role management
- Permission Management
- Site data Export/Import
- Coloration tools like Calendar
Organization is similar to site but it can used to only group the people and manage them.
In organization also we can have pages, web contents and users. In the organization users only can be members.
In the organization we can create users and assign users to specific organization by admin.
We have roles so that roles will decide the user’s accessibility over the organization like when he/she accesses some data or some applications.
When we use organization ,we will use organization roles , apart from this we can also create teams with in organization and we can assign users to teams.
Teams also have some permission so that it will decide user’s accessibility over organization.
In the organization we have Parent and Child relation and we have two types of organization regular and Location based organization.
We will see more about Liferay Organization in the future articles.
Users Group is another specific use in general business scenarios. We will use users groups to group specific interested peoples.
Here users may belong to any site or organization but he can be member for any user group.
Example we have Big IT Company across globe and each area we may have location wise organizations. But people may have interest in particular area like Photography so here all interested people can join in Photography User Group but users may be belongs to any organization which may be reside in any area.
Roles and Teams
Roles are grouping of users that share a particular function within the portal, according to a particular scope. Roles can be granted permissions to various functions within portlet applications.
Roles are associated to user so that it will decide what kind of access user has in the site/organization/user group.
Roles are available to sites/organization/user group based on role type.
We have following Role Types:
- Portal Role/Regular Role
- Site Role
- Organization Role
Portal Role/Regular Role
Liferay is providing Portal Role/Regular Role for portal level. It’s not specific to anything like Organization, Site or User Group. This role can be assigned to any user who belongs to any one of Organization, Community or User Group.
Liferay Provided Following Regular Roles by Default
Administrators are super users who can do anything.
Unauthenticated users always have this role.
This is an implied role with respect to the objects users create.
Power Users have their own personal site.
Authenticated users should be assigned this role.
The following diagram shows meaning of regular role
We can associate regular to any used who belongs to Organization/Site/User Group
Assume there is one regular role called RR1
There two organizations OrganizationA and OrganizationB
We have user called User1
We assign RR1 to User1
RR1 have edit permission PortletA
User1 € OrganizationA is having role RR1 if login to OrganizationA he will get Edit Permission on PortletA.
User1 € OrganizationB is having role RR1 if login to OrganizationB he will get Edit Permission on PortletA.
Here if we assign regular role to the user if the user belongs to multiple organization or sites he/she will be getting same permissions on the resources which are in different organizations or communities.
When we work with regular roles we should very cautious while using in organization, communities or user groups.
Site Role is one of the types in liferay which is only associated to Site users. This role only we can associate to site users.
When we create site role we can use this site role to any used who belongs to any site liferay.
Liferay Provided Following Site Roles by Default
Site Administrators are super users of their site but cannot make other users into Site Administrators
All users who belong to a site have this role within that site.
Site Owners are super users of their site and can assign site roles to users.
Similar to site role organization role is used for organization users. This role can be associated to any user who belongs to any organization in portal.
The following diagram shows meaning of Organization Role
Liferay Provided Following Organization Roles by Default
Organization Administrators are super users of their organization but cannot make other users into Organization Administrators.
Organization Owners are super users of their organization and can assign organization roles to users.
All users who belong to an organization have this role within that organization.
We have tow organization type roles OTR1 and OTR2
For OTR1 EDIT ACTION on PortletA
For OTR2 VIEW ACTION on PortletA
We have user called User1
We have two Organizations OrganizationA and OrganizationB
For User1 we have assigned OTR1 in OrganizationA
For same user User1 we have assigned OTR2 in OrganizationB
When he login into OrganizationA he has EDIT permission on PortletA.
When he login into OrganizationB he has VIEW permission on PortletA
Here organization roles work in the premises of organization associated with respective roles.
The following diagram depicts the entire concept.
Teams are similar to role but teams will work with in organization/site unlike role.
If we create any team in site/organization then it will be available to with in organization/site, so that we can associate teams to the users who are belongs to specific site/organization.
If we create any role we can use role to all organization/sites based on role type but when create team the team will be used within organization/site where we created.
Users are the stake holders to the portal.In liferay we have many users who are associated with different roles and they are belongs to sites/organization/user group.
If any user wants to get access over any site/organization foremost thing is user should be member of Site/Organization. In liferay each user may associate with one more roles similarly user may belongs to one or more sites/organization/user groups.
Each role has set of permission so that user will get specific set of access over the site/organization/with application/page.
Based on role and its associated permissions will make the user will get access over site/organization.
Permission is set of actions which will act on object/resource. In liferay each and every object we can call it as Resource and each resource have set of actions. These actions are controlled by permissions.
In liferay each permission/action will be associated with role and role will be associated with user. Finally permission will be controlled the access of user over the site/ organization
The following is Under Standing Diagram about Permission System
We have deferent kind of permission in liferay
- Page level permission
- Portlet level permission
- Individual Resource level permission
Page level permission:
Page level permission will be decided whether page should be visible to particular role user or not. Based on permission action page will be visible to user
Portlet level permission:
Portlet Level permission will decide whether portlet should be visible to particular role user or not.
Individual Resource level permission
Individual resources like image, document or functionality with in portlet or application.
Example in Announcement portlet we have add announcement. Update and delete announcement.
We will assign delete, add and Update permission to only Admin Role users all other users can only view announcement.
If we have some document we will give particular role user can only download. Such kind of things we will call it as Individual Recourse Permissions.