Permissions Framework Integration

Liferay 7.4+

Published objects are integrated automatically with Liferay’s permissions framework. You can manage user access to an object and its entries with application and resource permissions. With role-based access control, you can ensure only appropriate users view and use your application’s data.

By default, custom object permissions are not assigned to user roles automatically. This is to prevent the accidental exposure of object data. To grant access, manually assign object permissions to the desired roles.

When defining role permissions, active objects appear according to their scope and panel link. Before Liferay DXP 2024.Q3/Portal 7.4 GA125, custom objects did not appear in the Roles UI without a set panel link. Starting from Liferay DXP 2024.Q3+/Portal 7.4 GA125+, all active custom objects without a parent appear under a new Objects section in the Roles UI even without a panel link.

Account restricted objects must also have Show Widget enabled.

Tip

For site-scoped objects, you can determine whether permissions are granted for all sites or only specific sites.

Important

Account and organization roles are only supported in objects with account restriction enabled. Otherwise, you can only use regular and site roles for assigning object permissions. See Account Restriction and User Roles for more information.

Application Permissions

Application permissions grant access to the published object itself and do not include resource-related permissions. Each object includes these standard application permissions according to their defined scope:

PermissionDescription
Access in Control Panel (Company Scope Only)Access the object in the Global Menu ( Global Menu ).
Access in Site and Asset Library Administration (Site Scope Only)Access the object in the Site Menu ( Site Menu ) or Asset Library.
ConfigurationN/A
PermissionsView and modify application permissions for the object.
PreferencesN/A
View*View the object’s application page.

* The view permission is also required to view mapped content, add/modify a form container mapped to the object definition while editing a page, and perform other actions provided users have additional required permissions (e.g., creating display page templates, information templates, and site navigation menus). Without it, collection and content displays are not displayed in View and Preview modes.

Resource Permissions

Resource permissions grant access to view, create, and act on entries for custom object definitions. Some of these permissions relate to creating object entries, while others are for performing actions on existing entries (e.g., edit, delete).

Creating Entries

PermissionDescription
Add Object EntryCreate an entry. This permission is required to view the associated object’s form container. Without it, form containers are not displayed in View and Preview modes.
PermissionsView and manage permissions related to creating entries.

To learn about managing guest users’ ability to add object entries, see Managing Guest User Permissions.

Acting on Existing Entries

PermissionDescription
DeleteDelete entries.
Object Entry HistoryUse REST APIs to query entry history. This permission is only available while Entry History is enabled for the object definition.
PermissionsView and modify permissions for individual entries.
UpdateUpdate entries.
ViewView entries.
Note

The creator of an object entry is assigned the owner role automatically and granted the above permissions.

Resource permissions are generated for each standalone action added to an object. They’re useful for managing which roles can trigger the action, and are named using the action.[actionName] pattern.

Managing Permissions for Individual Object Entities

For 7.4 U10+/GA14+

With custom objects, you can manage permissions for individual database entities to control access to object data.

Follow these steps:

  1. Navigate to the desired custom object.

  2. Click the Actions button (Actions Button) for the desired entity and select Permissions.

    Click the Actions button for the desired entity and select Permissions.

  3. Use the checkboxes to grant permissions to act on the entry permissions to the desired roles.

    Note

    Permissions defined in the Roles administrative application override permissions defined at the entity level.

    Use the checkboxes to assign permissions to the desired roles.

  4. Click Save.

Capabilities

Product

Contact Us

Connect

Powered by Liferay
© 2024 Liferay Inc. All Rights Reserved • Privacy Policy