Managing Object Permissions
Liferay’s permissions framework enables administrators to control access to object applications, specific object definitions, and individual object entries. This ensures users can only interact with the data and functionalities that are relevant to their roles. With granular permissions, you can define which roles have access to various levels of the Objects application, from creating definitions to managing entries and executing specific actions.
Objects Application Permissions
Objects application permissions enable administrators to manage access to the Objects application itself, along with the ability to create and configure new definitions or folders. Key application permissions include the following:
- Access in Control Panel: Allows users to access the Objects application through the control panel.
- Configuration: Allows users to modify the configuration settings for the Objects application.
- Add Object Definition: Allows users to create new object definitions.
- Add Object Folder: Allows users to create folders for organizing object definitions.
- Extend System Object Definition: Allows users to add fields, relationships, actions, and validations to system objects.
With application permissions, administrators have the flexibility to assign user roles varying levels of control over the Objects application.
Object Definition Permissions
Object definition permissions determine access to object entries of a given object definition. These include permissions for creating, viewing, updating, and deleting object entries. This level of permissions is ideal for administrative or managerial roles that need to be scoped to specific objects. For example, in Clarity’s distributor management app, the role of Business Development Manager is given access to the Distributor Application object definition. Users with this role then have the appropriate permissions to review and process entries of this object (i.e., submitted distributor applications).
Object definition permissions also extend to object actions, so that only certain roles are enabled to execute sensitive or business-critical actions. For the distributor management app, a Verify Distributor action might only be granted to specific authorized users to create an additional layer of security.
Object Entry Permissions
Object entry permissions give administrators the most granular level of control over specific object entries. This level of permissions is particularly useful for owner-based access, where only the creator or designated owner of an object entry can view or edit it. You can also determine access based on specific object parameters, such as region or department, so that each object entry is only available to roles that meet certain criteria.
Best Practices for Managing Object Permissions
You should always apply permissions at the role level to streamline management. Roles can then be assigned to users or user groups based on their organizational responsibilities. When assigning permissions, implement the principle of least privilege: grant users only the minimum access necessary to accomplish their tasks, reducing the risk of unauthorized access. Finally, review all permissions periodically to ensure they remain aligned with evolving roles and security needs.
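One way to support the periodic review described above is to compare each role's current grants against an approved baseline. The following is an added example, not Liferay code: the data layout, the role names other than Business Development Manager, the entry permission labels, the `HIGH_IMPACT` grouping, and the 90-day review window are all assumptions, and the sample data is constructed.

```python
from datetime import date

# Application permissions named on this page that change the data model or
# app settings; grouping them as high impact is this example's assumption.
HIGH_IMPACT = {"Configuration", "Add Object Definition",
               "Extend System Object Definition"}

def audit(grants, baseline, last_reviewed, today, max_age_days=90):
    """Return sorted (role, finding, detail) tuples describing permission drift."""
    findings = []
    for role, granted in grants.items():
        approved = baseline.get(role)
        if approved is None:
            # A role nobody approved: every grant it holds counts as excess.
            findings.append((role, "no-baseline", "role has no approved permission set"))
            approved = set()
        for perm in sorted(granted - approved):
            kind = "high-impact-excess" if perm in HIGH_IMPACT else "excess"
            findings.append((role, kind, perm))
        reviewed = last_reviewed.get(role)
        if reviewed is None or (today - reviewed).days > max_age_days:
            findings.append((role, "stale-review", str(reviewed)))
    return sorted(findings)

# Constructed sample data (hypothetical export format, not a Liferay API).
GRANTS = {
    "Business Development Manager": {
        "Distributor Application: View", "Distributor Application: Update",
        "Distributor Application: Verify Distributor", "Add Object Definition"},
    "Distributor Applicant": {
        "Distributor Application: Add", "Distributor Application: Delete"},
    "Temp Contractor": {"Access in Control Panel"},
}
BASELINE = {
    "Business Development Manager": {
        "Distributor Application: View", "Distributor Application: Update",
        "Distributor Application: Verify Distributor"},
    "Distributor Applicant": {"Distributor Application: Add"},
}
LAST_REVIEWED = {
    "Business Development Manager": date(2024, 5, 1),
    "Distributor Applicant": date(2023, 11, 1),
}

if __name__ == "__main__":
    for finding in audit(GRANTS, BASELINE, LAST_REVIEWED, today=date(2024, 6, 1)):
        print(*finding, sep=" | ")
```

An empty result means every role matches its approved set and was reviewed within the window; any finding is a prompt to either remove the grant or update the baseline deliberately.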
Conclusion
Liferay’s permissions framework provides flexible, multi-level access control, from broad application permissions down to individual object entries and actions. By managing permissions thoughtfully, administrators can ensure a secure and efficient environment where users have precisely the access they need. Next, you’ll define some object permissions for Clarity’s distributor management app.