Using the Control Panel

The Portal section of the Control Panel is used for most administrative tasks. You will find there an interface for the creation and maintenance of

• Users

• Organizations

• Communities

• User Groups

• Roles

Additionally, it allows you to configure many server settings, including:

• Password Policies

• Authentication options, including Single Sign-On and LDAP integration

• Default User Associations

• Reserved Screen Names

• Mail Host Names

• Email Notifications

You will use the Portal section of the Control Panel to create your portal structure, implement security, and administer your users. Note that only users with the Administrator role—a portal scoped role—have permission to view this section of the Control Panel.

Adding Users

Let's begin by adding a user account for yourself. We will then configure this account so that it has the same administrative access as the default administrator account. Go up to the Dock and click the Control Panel link, if you aren't there already. Then under the Portal category, click Users. Click the Add button.

Illustration 37: The Add User screen. You will then be presented with the Add User form. Fill out the form using your name and email address. When you are finished, click Save.

The page will then reappear with a message saying that the save was successful, and there will now be an expanded form which allows you to fill out a lot more information about the user. You don't have to fill anything else out right now, but one thing is important to note: when the user ID was created, a password was automatically generated and, if Liferay has been correctly installed (see Chapter 2), an email message with the password in it was sent to the user. This of course requires that Liferay can properly communicate with your SMTP mail server in your organization.

If you have not yet set up your mail server, you will need to use this screen to change the default password for the user ID to something you can remember. You can do this by clicking on the Password link in the box on the right, entering the new password in the two fields, and clicking Save.

Next, you will want to give your user account the same administrative rights as the default administrator's account. This will allow you to perform administrative tasks with your own ID instead of having to use the default ID. And this allows you to make your portal more secure by deleting or disabling the default ID.

Illustration 38: Liferay's User Account editor. Click the Roles link. You will then be taken to a screen which shows the roles to which your ID is currently assigned. By default, you should have one role: Power User. By default, all users are also assigned the Power User role. You can give this role certain permissions if you wish or disable it altogether (we will see how to do this later). You can also define the default roles a new user receives; we will go over this later also.

To make yourself an Administrator, click the Select link. A window will pop up with a list of all the roles in the system. Select the Administrator role from the list and the window will disappear and you will see that the role has been added to the list of roles to which you are assigned. Next, click the Save button, which is at the bottom of the blue bar of links on the right. You are now an administrator of the portal. Log out of the portal and then log back in with your own user ID.

User Management

If you click the Users link on the left of the Control Panel, you will see that there are now two users in the list of users. If you wanted to change something about a particular user, you can click the Actions button next to that user.

Edit User: This takes you back to the Edit User page, where you can modify anything about the user.

Permissions: This allows you to define which Roles have permissions to edit the user.

Manage Pages: If the user has pages, this allows you to edit them.

Impersonate User: This opens another browser window which allows you to browse the site as though you were the user.

Deactivate: Clicking this will deactivate the user's account.

Note that most users will not be able to perform most of the above (in fact, they won't even have access to this section of the Control Panel). Because you have administrative access, you can perform all of the above functions.

Organizations

Organizations in Liferay are meant to model organizations in real life. They can be used to represent different companies, non-profit organizations, churches, schools, clubs, and so on. They have been used to represent a sports league, with various sports (soccer, baseball, basketball, etc.) and their teams as sub-organizations. If you have a collection of users that all belong to the same grouping, you may be able to model that as an organization.

Your portal may have only one organization or several, depending on what kind of site you are building. For example, a corporate site may model its own organization hierarchy in Liferay, while a social networking site may have users from many separate organizations who access the site. Organizations can have a hierarchy to unlimited levels, and Users can be members of one or many organizations—inside of a hierarchy or across hierarchies.

Additionally, Organizations can be associated with Roles. One application of this in a corporate setting could be an IT Security group. You may have an organization within your IT organization that handles security for all of the applications company-wide. If you had users as members of this organization, you could grant the Administrator role you just granted to your own ID to the whole Organization, thereby giving the members of the IT Security organization administrative access to the portal. If a user in this organization later was hired by the Human Resources department, the simple administrative act of moving the user from the IT Security organization to the HR organization would remove this privilege from the user, since the user would no longer be in an organization that has the Administrator role. By adding the user to the HR organization, any roles the HR organization has (such as access to a benefits system in the portal) would be transferred to the user. In this manner, you can design your portal to correspond with your existing organization chart, and have users' permissions reflect their positions in the chart.

Of course, this is only one way to design it. If you have more complex requirements, you can combine Organizations with User Groups and scoped Roles to assemble the sets of permissions you wish to grant to particular users.

Organizations are one of two types of Liferay resources (the other being Communities) that can have its own pages. This allows members of the organizations (if they are granted the Manage Pages permission) to maintain their own pages. They can have a set of public pages which include information and applications appropriate for guests or logged in users who are not members of the Organization to make use of (such as a help desk ticket entry system for an IT page), and they can have a set of private pages with applications for the organization's own use (such as the back-end portlets of the same ticketing system).

To add an organization, click the Organizations link on the left side of the Control Panel, and then click the Add button.

Illustration 39: Adding an organization. Name: The name of the organization.

Type: Use this to choose whether this is a regular organization or a location.

Parent Organization: Click the Select link to bring up a window which allows you to select the organization in the system that is the direct parent of the organization you are creating. Click the Remove button to remove the currently configured parent.

Fill out the information for your organization and click Save.

As before with users, the form reappears and you can enter more information about the organization. Organizations can have multiple email addresses, postal addresses, web sites, and phone numbers associated with them. The Services link can be used to indicate the operating hours of the organization, if any.

For now, click the View All button. This will take you back to the list of organizations.

Click the Actions button next to the new organization you have created. You will then see the many actions you can take to manipulate this organization.

Edit: Lets you edit the organization.

Manage Pages: Lets you create and manage public and private pages for the Organization.

Assign User Roles: Lets you assign Organization-scoped roles to users. By default, Organizations are created with three roles: Organization Administrator, Organization Member, and Organization Owner. You can assign one or more of these roles to users in the organization. All members of the Organization get the Organization Member role.

Assign Members: Takes you to a screen where you can search and select users in the portal to be assigned to this organization as members.

Add User: Adds a new user in the portal who will be a member of this organization.

View Users: Shows a list of users who are members of this organization.

Add Regular Organization: Lets you add a child organization to this organization. This is how you create hierarchies of organizations with parent-child relationships.

Add Location: Lets you add a child Location, which is a special type of organization that cannot have any children added to it.

View Suborganizations: Shows a list of all the organizations that are children of this organization.

Delete: Deletes this organization from the portal. You will have to ensure that the organization has no users in it first.

Tip: Note that you are already a member of the organization you created, because you created it. By creating an organization, you become both a member and have the Organization Owner role, which gives you full rights to the organization.

Communities

Communities are very much like Organizations except that they are not hierarchical. They are designed instead to be islands to themselves which anyone from any organization (or from no organization at all) can join. You can use Communities, therefore, in any situation where you need to cut across the organizational structure of your portal, or where you have a site that would apply to almost anybody.

For example, a corporate Intranet running Liferay may have sites for all the organizations in the company: Sales, Marketing, product groups, Information Technology, Human Resources, and so on. But what about the corporate health and fitness center? That's something that everybody in the company—regardless of organization—potentially has an interest in, and may want to join. That's a good candidate for a Community. Using the same scenario, the home page for the Intranet is probably best placed in a community that any member of the portal can access.

For other kinds of web sites, you may want to use communities to bring people together who have a common interest. If you were building a photo sharing web site out of Liferay, you may have communities based on the types of photos people want to share. So those who enjoy taking pictures of landscapes can join a Landscapes community, and those who enjoy taking pictures of sunsets can join a Sunsets community. And if they lose interest, they can leave those communities too.

The default home page in Liferay is in a community called Guest, and this is where you would put your public web site. As you can see, there are several scenarios in which you would want to use something like a community instead of an organization, and this is why they have a distinct role within Liferay Portal.

Communities can be created and managed in two ways. The first is through the Control Panel, like every other user / page collection in Liferay. The second is through the My Communities portlet, which can be added to any page in Liferay. Why two ways? Because the My Communities portlet also doubles as a way to navigate from community to community, and allows users to browse the list of communities and select whether or not they want to join one (if it is open or restricted). This enables you as a portal administrator to provide users with this functionality without giving them access to the Control Panel.

To add a community, click the Communities link on the left side of the Control Panel in the Portal section, and then click the Add button.

Name: Enter the name of the community you wish to create.

Description: Enter some descriptive text about the community.

Type: There are three kinds of communities: Open, Restricted, and Private. An open community appears in the My Communities portlet and users can join and leave the community whenever they want. A restricted community is the same except users can only request membership. A community administrator must then explicitly grant or deny users' requests to join. A private community does not appear in the My Communities portlet and users must be added to it manually by a community administrator.

Active: Communities can be active or inactive. If a community is inactive, no data can be added to it.

Tags: You can use Liferay's tagging mechanism on the community. This is helpful if the community has a specific, topical purpose within the portal.

Once you have created a community, it will appear in the list of communities in the Control Panel. The operations you can perform on it are very similar to the operations you can perform on organizations.

Edit: Lets you edit the community.

Manage Pages: Lets you create and manage public and private pages for the community.

Assign User Roles: Lets you assign community-scoped roles to users. By default, communities are created with three roles: Community Administrator, Community Member, and Community Owner. You can assign one or more of these roles to users in the community. All members of the community get the Community Member role.

Assign Members: Takes you to a screen where you can search and select users in the portal to be assigned to this community as members.

Join/Leave: If you are not a member of the community, you will have a Join or Request Membership option. If you are a member of the community you will see an option to leave the community.

Delete: Users with administrative access to the portal or who are owners of the community can delete it.

Community Provisioning

Communities are ideal workspaces for teams to collaborate on common projects. They provide an isolated area where a group of people can place all of their data pertaining to a particular topic, and many organizations have used them for this purpose. It is a far better way to share data than using email and a shared folder on a network. Instead, Liferay's Document Library portlet empowers users to access and update documents simultaneously, and all versions of the documents are preserved. A Calendar portlet can be used to keep track of the team's appointments and meetings, and can send notifications out to the team. A Wiki portlet can be used to document the project as it progresses. A Message Boards portlet can be used to keep all team discussions in one place.

To enable the ad-hoc creation of communities for this purpose, Liferay 5.2.3 and above allows portal administrators to create communities based on templates. What this means is that you can create a template community that has a pre-defined set of pages and portlets, and then use that template to very quickly create multiple communities that are pre-populated with those pages and portlets.

You can create templates for open, restricted, and private communities. Additionally, you can create a default template that applies to all kinds of communities. For our example, we will work with the default template.

Go to the Control Panel and click Communities. Click the Add button and create a community called DEFAULT_TEMPLATE. Make it a private community. Once the community has been created, click Actions → Manage Pages, and then click the Settings tab. Select Activate Staging.

Illustration 40: Activating Staging on the community template. Now go ahead and use the Public Pages or Private Pages tabs to create pages in the template and populate them with portlets. You can always use the View Pages button to view the pages you are creating, to add portlets, and to change layouts. These pages will be surrounded by a red border. This indicates that you are working in a staging environment.

Illustration 41: Populating pages in the community templateThat's all you need to do. Don't publish the changes to the template; leave it in staging mode. Any future communities that you create will have the same layouts and portlets as what you have placed in the DEFAULT_TEMPLATE.

To further refine this, you can create other kinds of templates for specific types of communities in the same manner.

If community is open, use the name OPEN_TEMPLATE to create a template for open communities. Use the name RESTRICTED_TEMPLATE to create a template for restricted communities. Use the name PRIVATE_TEMPLATE to create a template for private communities. The DEFAULT_TEMPLATE we have just created applies to all types of communities. If you want all newly created communities to have a Forums page with a Message Boards portlet on it, you would create that in the DEFAULT_TEMPLATE.

This feature streamlines the community creation process for administrators, making it very easy to quickly create communities for teams.

User Groups

User Groups are arbitrary groupings of users. These groups are created by portal administrators to group users together who don't have an obvious organizational or community-based attribute or aspect which brings them together. Groups cannot have permissions like roles, but User Groups can be added to Roles. Why would you use User Groups, then? They come into play when you have complex security requirements and for page templates, which we will discuss below.

Creating a User Group is easy. Click the User Groups link and then click the Add button. There are only two fields to fill out: Name (the name of the User Group) and Description (an optional description of what the group is for). Click Save and you will then be back to the list of groups.

As with the other resources in the portal, you can click the Actions button to perform various operations on User Groups.

Edit: Allows you to modify the name or description of the User Group.

Permissions: This allows you to define which Users, User Groups, or Roles have permissions to edit the User Group.

Manage Pages: Though User Groups don't have pages of their own, you can create page templates for a group. When a User Group has page templates, any users added to the group will have the group's pages copied to their personal pages. This allows you to do things like create a Bloggers user group with a page template that has the Blogs and Recent Bloggers portlets on it. The first time users who are added to this group log in to the portal, this page will get copied to their personal pages. They will then automatically have a blog page that they can use.

Assign Members: Takes you to a screen where you can search for and select users in the portal to be assigned to this User Group.

View Users: Lets you view the users who are in the User Group.

Delete: Deletes the User Group.

User Groups and Page Templates

Liferay allows users to have a personal set of public and private pages that each user can customize at will. The default configuration of those pages can be determined by the portal administrator through the portal-ext.properties file and optionally by providing the configuration in a LAR file. Though this has been a long-time feature of Liferay, it was not very flexible or easy to use.

Liferay version 5.1 introduced the concept of page templates which are tied to User Groups. This enables administrators to provide the same configuration for the personal pages of all (or just a subset of) users, using Liferay's GUI instead of the properties file. In some cases you may want to provide a different configuration for each user depending on his or her profile. For example, in a portal for University students, staff and undergraduates would get different default pages and portlets in their personal space. You can also set it up so that different groups are combined together to create the desired default configuration. When a user is assigned to a user group, the configured page templates are copied directly to the user's personal pages.

User Group Page Templates: Defining page templates for a user group

The a User Group's page templates can be administered using the Control Panel. The User Groups link lists all the existing user groups and allows you to perform several actions on each of them.

Illustration 42: Manage Pages action on a User Group. By selecting the Manage Pages action the administrator will access the common Liferay UI for creating pages and organizing them in a hierarchy.

Note that it is possible to create both public and private pages. Each set will be used as templates to be copied to the user's personal public or private page sets respectively when the user becomes a member of the user group.

Illustration 43: Adding a Page TemplateIn the screen shot above, the administrator has created a new private page called You are a student within the Students user group. Since the page created is a portlet page, the administrator can now click the View Pages button to open the page and add as many portlets as desired to that page and configure them as needed. Let's assume for this example that the Loan Calculator and Calendar portlets are selected.

Applying the page templates by assigning members to the user group

The next step will be to assign an existing user to that group to verify that the page template is copied as a user's private page. To do this, click Actions → Assign Members action in the list of available user groups.

Illustration 44: Assigning Members to a User GroupBy clicking the Available tab in the next screen, a list of all available users is shown. From that list, one or more users can be selected to make them members of the user group. When the Update Associations button is clicked, the users become members of the group and copies of any public or private page templates which are configured for the user group are copied to their page sets.

Illustration 45: Template copied to a user's page set. In the previous example, a user that already had an existing page called Welcome will now have a new page called You Are A Student the next time she accesses her personal space. That page will contain two portlets: Loan Calculator and Calendar as configured by the User Group administrator:

Additional details

Because the pages are copied to a user's set of pages, those pages are now owned by the user and they can be changed at any time if the portal is set up to allow users to edit their personal pages. When a user is removed from a user group the associated pages won't be removed: they have become that user's pages. The system is smart enough, however, to detect when a user is added again to a group of which he or she was already a part, and the pages are not added again.

If an administrator modifies page templates for a User group after users have already been added to the group, those changes will be used when new users are assigned to the user group. Since the pages are templates, however, the changes won't be applied to users that were already members of the user group.

Composing A Page Out of Several User Groups

Users can belong to many user groups. If you have templates defined for a number of groups, this may result having many page templates copied to users' pages. To prevent this, you can combine pages from different user groups into a single page.

Let's expand our previous example by dividing the Students into First Year Students, Second Year Students, Third Year Students, International Students, and Prospective Students. For each of these types of students we want them to have a page with the Loan Calculator and Calendar, but depending on which type we also want other different portlets to be on that page too.

This can be achieved by using a naming convention for the pages. If two or more pages of different user groups have the same name, they will be combined into a single page when they are copied to a user's personal pages set.

Illustration 46: Combined portlet pages. In the example above, a User was added to a Students group which had a page called You are a Student. If the administrator creates a page template with the same name (You are a Student) in the First Year Students group and puts in it an RSS portlet pointing to information interesting for them, that page would be combined with the You are a Student page that's in the Students group, and the resulting page would contain the portlets configured for both User Groups:

Page Combination Rules

The following rules are used when composing a page by combining pages from different user groups:

• If a user becomes a member of a User Group that has a page template with the same name in the same set (public or private) as a page that the user already has, those pages will be combined.

• If any of the pages has the name translated to several languages, only the default language is considered in the comparison.

• The portlets on the new page will be copied to the bottom of the equivalent columns of the existing page.

• If the existing and the new pages have different layout templates, the existing one is preserved.

• If the new layout template has portlets in columns that do not exist in the existing page, those portlets will be automatically copied to the first column of the existing layout template.

As you can see, it is possible to have a very flexible configuration for the default pages of portal users. Furthermore, that configuration can be changed at any time using the UI administrators are used to and then assigning users to new user groups.

While these examples are somewhat simple, the system allows for as many user groups as desired. By using the convention of matching the page names it is possible to build any default page composition that you want for your users.

Roles

Roles are groupings of users that share a particular function within the portal, according to a particular scope. Roles can be granted permissions to various functions within portlet applications. Think of a role as a description of a function, such as Message Board Administrators. A role with that name is likely to have permissions to functions of the Message Board portlet delegated to it. Users who are placed in this role then inherit those permissions.

Roles are scoped by Portal, Organization, or Community. The Control Panel makes it easy for you to assign users to Roles and to assign permissions to Roles. You only have to go to one place: the Roles link. From there, you can add roles scoped by Portal, Organization, or Community from one interface.

To create a Role, click the Roles link, and then click the Add button. Type a name for your role and an optional description. The drop down box at the bottom of the form lets you choose whether this is a Regular, Community, or Organization role. When you have finished, click Save.

You will be back at the list of roles. To see what functions you can perform on your new role, click the Actions button.

Edit: Click this action to edit the role. You can change its name or description.

Permissions: This allows you to define which Users, User Groups, or Roles have permissions to edit the Role.

Define Permissions: Click this to define what permissions this role has. This is outlined in the next section.

Assign Members: Takes you to a screen where you can search and select users in the portal to be assigned to this role. These users will inherit any permissions given to the role.

View Users: Lets you view the users who are in the Role.

Delete: Deletes the Role.

Illustration 47: Defining Permissions on a Role. Defining Permissions on a Role

Roles exist as a bucket for granting permissions to the users who are members of them. So one of the main tasks you will be doing with a role is granting it the permissions that you want members of the role to have.

When you click the Define Permissions action on a Portal scoped Role, you are given a choice of two kinds of permissions that can be defined for this role: Portal Permissions and Portlet Permissions. For other Roles, you only see the portlet permissions.

Portal permissions cover portal-wide activities that are in several categories, such as Community, Location, Organization, Password Policy, etc. This allows you to create a Role that, for example, can create new Communities in the portal. This would allow you to grant users that particular permission without making them overall portal administrators.

Illustration 48: Message Boards permissions. Portlet permissions cover permissions that are defined within various portlets. Clicking the Portlet Permissions button brings you to a page where you can browse the names of the portlets that are currently installed in your portal. Once you choose a portlet, you can then define the actions within this portlet that the role will have permission to perform.

If we stick with our example of a Message Boards Admin role, we would then find the Message Boards portlet in the list and click on it. A new page with configurable permissions would then be displayed (see right).

Each possible action to which permissions can be granted is listed. To grant a permission, choose the scope of the permission. You have two choices: Enterprise and Communities. Granting Enterprise permissions means that permission to the action will be granted across the portal, in any community or organization where there is a Message Boards portlet.

If you choose Communities, a button appears next to the permission allowing you to choose one or more communities in which the permission will be valid. This lets you pick and choose specific communities (for a portal scoped role) in which these permissions are valid for users in this role.

Once you have chosen the permissions granted to this role, click Save. For a Message Boards Admin role, you would likely grant Enterprise permissions to every action listed. After you click Save, you will see a list of all permissions that are currently granted to this role. From here, you can add more permissions (by clicking Add Portlet Permissions or Add Portal Permissions), or go back by clicking a link in the breadcrumb list or the Return to Full Page link.

Roles are very powerful, and allow portal administrators to define various permissions in whatever combinations they like. This gives you as much flexibility as possible to build the site you have designed.

Special Note about the Power Users Role

By default, many portlets within Liferay are configured so that Power Users have access to them, but regular users do not. If you decide to remove the Power Users role from the default user associations (see below on page 102), you will need to modify the permissions on certain portlets. To do this, see the section on Plugins Configuration below (page 114).