Permissions Framework Integration
Available Liferay 7.4+
Published objects are integrated automatically with Liferay’s permissions framework. You can manage user access to an object and its entries with application and resource permissions. With role-based access control, you can ensure only appropriate users view and use your application’s data.
When defining role permissions, active objects appear according to their scope and panel category key.
For site-scoped objects, you can determine whether permissions are granted for all sites or only specific sites.
Account and organization roles are only supported in objects with account restriction enabled. Otherwise, you can only use regular and site roles for assigning object permissions. See Account Restriction and User Roles for more information.
Application permissions grant access to the published object itself and do not include resource-related permissions. Each object includes these standard application permissions according to their defined scope:
|Access in Control Panel (Company Scope Only)||Access the object in the Global Menu ( ).|
|Access in Site and Asset Library Administration (Site Scope Only)||Access the object in the Site Menu ( ) or Asset Library.|
|Permissions||View and modify application permissions for the object.|
|View||View the object’s application page.|
Resource permissions grant access to view and act on resources in the object application. Some of these permissions relate to creating object entries, while others are for performing actions on existing entries (e.g., edit, delete).
|Add Object Entry||Create an entry.|
|Permissions||View and manage permissions related to creating entries.|
Acting on Existing Entries
|Permissions||View and modify permissions for individual entries.|
When users create object entries, they are assigned the owner role for their entries automatically, which includes the above permissions.
Managing Permissions for Individual Object Entities
For 7.4 U10+/GA14+
With custom objects, you can manage permissions for individual database entities to control access to object data.
Follow these steps:
Navigate to the desired custom object.
Click the Actions button () for the desired entity and select Permissions.
Use the checkboxes to grant permissions to act on the entry permissions to the desired roles.note
Permissions defined in the Roles administrative application override permissions defined at the entity level.