Publications Permissions
7.4+
Publications works with Liferay’s permissions framework, so you can assign application and resource permissions to regular roles. You can also assign permissions scoped to individual publications when inviting collaborators. Only permitted users can access publications and perform actions on its resources.
Publications permissions do not include page and content editing privileges. Publications users require explicit permissions for the applications and resources they’re expected to act upon (e.g., web content, blogs, pages).
By default, Liferay provides the Publications User role with basic permissions for creating and accessing publications.
If needed, you can create additional regular roles or configure existing roles for content creators, reviewers, and publishers. See Creating and Managing Roles and Defining Role Permissions for more information.
You can only assign Publications permissions to regular roles. See Understanding Roles and Permissions for more information.
Application Permissions
Application permissions grant access to the Publications application itself and do not include resource permissions.
| Permission | Description |
|---|---|
| Access in Control Panel | Access the Publications application in the Global Menu ( ). |
| Add to Page | N/A |
| Configuration | Enable or disable Publications and the Sandbox Only mode. |
| Permissions | View and modify permissions for the Publications application. |
| Preferences | N/A |
| View | View the Publications application in the Global Menu () and access the Publications Bar. |
| Work on Production | Access and work in production while Publications is enabled. |
At minimum, using Publications requires a regular role with the Access in Control Panel and View permissions.
If you’ve enabled Sandbox Only and don’t want users to work in production, ensure they do not have the Work on Production permission.
Resource Permissions
Resource permissions grant access to view and act on resources in the Publications application. Some of these permissions relate to creating publications, while others are for performing actions on existing publications (e.g., edit, delete, publish).
Publications (Creating Publications)
| Permission | Description |
|---|---|
| Add Publication (1) | Create a publication. Without this permission, users can only access and contribute to a publication when invited. |
| Permissions (2) | View and modify permissions related to creating publications: Add Publication and Permissions. |
Users with these permissions can perform these actions in the Publications application.
Publication (Acting on Existing Publications)
| Permission | Description |
|---|---|
| Delete | Delete publications you can view. |
| Permissions | View and modify permissions for publications you can view. This includes the ability to invite users to a publication. |
| Publish | Publish publications you can view. |
| Update | Update publications you can view; this includes the ability to work in a publication and edit the publication’s name and description. |
| View | View all publications in the Liferay instance; this includes the ability to review each publication’s changes. |
Users with these permissions can perform actions on existing publications.
Publications User Role
By default, the Publications User role has these permissions:
- Portal: View Control Panel Menu
- Publications: Access in Control Panel
- Publications: View
- Publications > Publications: Add Publication
Assigning Roles to Publication Collaborators
By default, publication creators are assigned the owner role and have full permissions on their publication. When inviting users to a publication, owners can assign these roles:
| Publication Role | View | Update | Publish | Permissions | Delete |
|---|---|---|---|---|---|
| Viewer | ✔ | ✘ | ✘ | ✘ | ✘ |
| Editor | ✔ | ✔ | ✘ | ✘ | ✘ |
| Publisher | ✔ | ✔ | ✔ | ✘ | ✘ |
| Admin | ✔ | ✔ | ✔ | ✔ | ✘ |
Each publication role is scoped to the current publication and does not grant permissions in other publications.
Publication roles do not override regular role permissions. For example, if users with global delete permissions are assigned the Viewer role in a publication, they can still delete the publication because of their regular role permissions.
Customizing Publication Owner Permissions
Liferay DXP 2025.Q3+
By default, publication owners have full permission to view, update, publish, delete, and manage permissions for their publications.
Starting in Liferay 2025.Q3, administrators can
- Redefine the default permissions for publication owners
- Restrict or remove permission to publish to production
- Apply updated permissions to existing publications
These changes help prevent accidental overwrites in production environments, especially when using Sandbox Only mode.
Updated permissions are applied automatically to new publications. To apply them to existing publications, administrators must update the publication configuration.
You can change permissions during publication setup (1) or later from the Actions Menu (
) (2) for each publication in the Publications app.
By default, publication owners can publish and manage permissions. To avoid unintended changes in production (especially in Sandbox Only mode), edit the Publication Owner role to remove the Permissions and Publish permissions. Also avoid assigning users the Publications Publisher or Publications Admin roles unless necessary.
Regular Roles for Publications
Starting in Liferay DXP 2025.Q3, additional regular roles simplify permission management when multiple users need consistent access across all publications:
| Role | Description |
|---|---|
| Publications Viewer | View publications only. No ability to edit or publish. |
| Publications Editor | View and edit publications but cannot publish them. |
| Publications Publisher | View, edit, and publish publications. |
| Publications Admin | Full permissions: view, edit, publish, delete, and manage. |
These roles complement the scoped roles you assign to collaborators. Scoped roles apply only to the publication where they’re assigned, while regular roles grant permissions across all publications.