Setting permissions with workflow
You can control the access to portal objects based on:
- Location - use Local Roles tab on the folders to control which users are considered reviewers, owners, managers, etc.
- State (Publishing status) - use permissions on a workflow to define which roles have access in each state.
The following instructions will show how to copy and modify a workflow to restrict access. By default, objects that are in a visible or pending status are viewable by any logged in user. I did not want to make that content available until it was officially published, however, certain users need access to certain areas (folders) in order to add, revise and publish the content they are responsible for. I used Local Roles to give specific users status in a folder as reviewers, owners, or managers.
- In the ZMI, go into your Plone folder, then into "portal_workflow".
- Note the name of the workflow that is specified for the object you want to control. If this is "(Default)", then the name is in the bottom field. This name is probably "plone_workflow".
- Click on the "Contents" tab
- Check the box next to the workflow you noted above, then click the copy button.
- Click the paste button that appeared after you did the copy.
- Rename the new workflow to something meaningful.
- Click on your new workflow.
- Click on the "States" tab.
- For each of the states you want to change permissions for:
- Click on the state name.
- Click on the Permissions tab.
- Uncheck the " Acquire permission settings?" boxes.
- Change the other permissions as desired (or as shown below if you want to duplicate my workflow).
- Go back into "portal_workflow".
- Change the value of the workflow field to the name of your new workflow for any objects you want to have affected (or just change the default).
- Click the "Change" button.
- Click the "Update security settings" button.
- Test the access on object types that use your new workflow.
Pending State
Permission name |
Anonymous |
Authenticated |
Manager |
Member |
Owner |
Reviewer |
|
|---|---|---|---|---|---|---|---|
Access contents info |
X |
X |
X |
||||
Modify portal content |
X |
X |
|||||
View |
X |
X |
X |
||||
Private State
Permission name |
Anonymous |
Authenticated |
Manager |
Member |
Owner |
Reviewer |
|
|---|---|---|---|---|---|---|---|
Access contents info |
X |
X |
|||||
Modify portal content |
X |
X |
|||||
View |
X |
X |
|||||
Published State
Permission name |
Anonymous |
Authenticated |
Manager |
Member |
Owner |
Reviewer |
|
|---|---|---|---|---|---|---|---|
Access contents info |
X |
X |
X |
X |
X |
X |
|
Modify portal content |
X |
X |
X |
||||
View |
X |
X |
X |
X |
X |
X |
|
Visible State
Permission name |
Anonymous |
Authenticated |
Manager |
Member |
Owner |
Reviewer |
|
|---|---|---|---|---|---|---|---|
Access contents info |
X |
X |
X |
||||
Modify portal content |
X |
X |
|||||
View |
X |
X |
X |
||||
Note that there may be more permissions available, depending on what products you have installed. However, the principle is the same for all of them.
Visit our