Documentation

Liferay provides a rich store of resources and knowledge to help our community better use and work with our technology.

Liferay Portal 6.1 - User Guide

Managing Users, User Groups, Organizations, Sites, Teams, and Roles

The Portal section of the control panel is used for most administrative tasks. You'll find there an interface for the creation and maintenance of

Users, User Groups, and Organizations
Sites and Teams
Site Templates
Page Templates
Roles

Additionally, you can configure many server settings, including:

Password Policies
Portal Settings
Custom Fields
Monitoring
Plugins Configuration

You'll use the Portal section of the control panel to create your portal structure, implement security, and administer your users. Configurable portal settings include mail host names, email notifications, and authentication options including single sign-on and LDAP integration. Note that only users with the administrator role, which is a portal scoped role, have permission to view this section of the control panel. You can, of course, grant custom roles permissions to one or more sections.

Adding users

Let's add a user account for yourself and configure this account so that it has the same administrative access as the default administrator account. Go up to the Dockbar, mouse over Go to and click Control Panel. Then open the Users and Organizations page under the Portal category. Click the Add button and select User. Fill out the Add User form using your name and email address. When you are finished, click Save.

Figure 12.1: The Add User Screen

After you submit the form, the page reloads with a message saying that the save was successful. An expanded form appears that allows you to fill out a lot more information about the user. You don't have to fill anything else out right now. Just note that when the user ID was created, a password was automatically generated and, if Liferay was correctly installed (see chapter 11), an email message with the password in it was sent to the user. This, of course, requires that Liferay can properly communicate with your SMTP mail server.

Figure 12.2: Liferay's User Account Editor

If you haven't yet set up your mail server, you'll need to use this page to change the default password for the user ID to something you can remember. You can do this by clicking on the Password link in the box on the right, entering the new password in the two fields, and clicking Save. Next, you should give your user account the same administrative rights as the default administrator's account. This allows you to perform administrative tasks with your own ID instead of having to use the default ID. It also helps to make your portal more secure by deleting or disabling the default ID.

Click the Roles link. The control panel's Roles page shows the roles to which your ID is currently assigned. You should have one role: Power User. By default, all users are assigned the Power User role. You can give this role certain permissions if you wish or disable it altogether. You can also define the default roles a new user receives. We'll see how to do this later.

To make yourself an Administrator, click the Select link. A dialog box pops up with a list of all the roles in the system. Select the Administrator role from the list. The dialog box disappears and the role is added to the list of roles associated with your account. Next, click the Save button, which is at the bottom of the blue bar of links on the right. You are now an administrator of the portal. Log out of the portal and then log back in with your own user ID.

We'll next look at some aspects of user management.

User management

If you click the Users link on the left menu of the control panel, there are now two users in the list of users. If you want to change something about a particular user, you can click the Actions button next to that user.

Edit User: takes you back to the Edit User page, where you can modify anything about the user.

Permissions: allows you to define which roles have permissions to edit the user.

Manage Pages: allows you to edit the personal pages of a user.

Impersonate User: opens another browser window which allows you to browse the site as if you were the user.

Deactivate: deactivates the user's account.

Note that most users can't perform most of the above actions. In fact, most users won't even have access to this section of the control panel. You can perform all of the above functions because you have administrative access.

Let's look next at how to manage organizations.

Managing organizations

Organizations are used to represent hierarchical structures such as those of companies, non-profit organizations, churches, schools, and clubs. They have been used to represent a sports league, with various sports (soccer, baseball, basketball, etc.) and their teams as sub-organizations. If you have a collection of users that fit into a hierarchical structure, you can model that as an organization.

Your portal design might not need organizations or it might have one or several, depending on your portal's function. For example, a simple photo-sharing web site could be powered by sites only (see below for information on sites). On the other hand, organizations are useful for corporations or educational institutions since their users can be placed easily into a hierarchical structure. In fact, organizations in Liferay are designed to model any group hierarchy, from those of government agencies all the way down to those of small clubs. Of course, your portal can use both organizations and independent sites. For example, a corporation or educational institution could create a social networking site open to all portal users, even ones from separate organizations.

Organizations and suborganizations can be created in a hierarchy to unlimited levels, and users can be members of one or many organizations. These organizations can all reside in a single hierarchy or cut across different hierarchies. Note that the rights of an organization administrator apply both to his/her organization and to any child organizations. By default, members of child organizations are members of the parent organizations. This behavior can be customized in your portal's portal-ext.properties configuration file.

Additionally, Organizations can be associated with roles. One application of this in a corporate setting might be an IT Security group. You could have a suborganizaton of your IT organization that handles security for all of the applications company-wide. If you grant the IT Security organization the same administrator role you just gave to your own ID, all members of the organization would have administrative access to the portal. Suppose now that a user in this organization later was hired by the Human Resources department. The simple act of removing the user from the IT Security organization also removes the user's administrative privileges, since the privilege came from the IT Security group's role. By adding the user to the HR organization, any roles the HR organization has (such as access to a benefits system in the portal) are transferred to the user. In this manner, you can design your portal to correspond with your existing organization chart, and users' permissions are granted according to their positions in the chart.

Of course, this is only one way to design it. If you have more complex requirements, you can combine organizations with teams and scoped roles to assemble the sets of permissions you wish to grant to particular users. But we'll get to that. Let's first see how to manage organizations.

To add an organization, click the Users and Organizations link on the left side of the control panel. Then click the Add button and choose Regular Organization.

Does your organization need to have its own web site? Most organizations don't, but some do, and Liferay provides this ability by attaching a site to an organization. To attach a site when you create an organization, click the Organization Site tab at the right, and check the Create Site box. If you don't know right now if your organization needs a web site, that's fine: you can always add one later if the need arises.

Figure 12.3: Adding an organization

Name: Enter a name for the organization.

Type: Choose whether this is a regular organization or a location. A location cannot have any suborganizations.

Parent Organization: Select an organization in the system to be the direct parent of the organization you are creating. Click the Remove button to remove the currently configured parent.

tip

Tip: Note that you're already a member of any organizations that you create. By creating an organization, you become both a member and receive the Organization Owner role, which gives you full rights to the organization. You can, of course, add other users to this role to make them Organization Owners.

Fill out the information for your organization and click Save. As before with users, the form reappears and you can enter more information about the organization. Organizations can have multiple email addresses, postal addresses, web sites, and phone numbers associated with them. The Services link can be used to indicate the operating hours of the organization, if any.

For now, click the Back button. This takes you back to the list of organizations.

Click the Actions button next to the new organization you created. This shows the actions you can take to manipulate this organization.

Edit: lets you specify details about the organization, including addresses, phone numbers, email addresses, and websites.

Manage Site: lets you create and manage public and private pages for the organization's site.

Manage Teams: lets you create teams within this organization, to which you can assign users and permissions.

Assign Organization Roles: lets you assign organization-scoped roles to users. By default, Organizations are created with three roles: Organization Administrator, Organization User, and Organization Owner. You can assign one or more of these roles to users in the organization. All members of the organization automatically get the Organization User role so this role is hidden when you click Assign Organization Roles.

Assign Users: lets you search and select users in the portal to be assigned to this organization as members.

Add User: adds a new user in the portal and assigns the user as a member of this organization.

Add Regular Organization: lets you add a child organization to this organization. This is how you create hierarchies of organizations with parent-child relationships.

Add Location: lets you add a child Location, which is a special type of organization that cannot have any children added to it.

Delete: deletes this organization from the portal. You must ensure that the organization has no users in it first.

If you click the View button at the top of the Users and Organizations page and select View Hierarchy you can view both a list of users who are members of this organization and a list of all the suborganizations of this organization.

We briefly mentioned sites during this discussion. Sites are another construct within the portal, and have different properties than organizations. Let's see how you can use them.

Sites

As stated in chapter 1, a site is a set of pages that can be used to publish content or applications. Sites can be independent or they can be associated to one organization and act as the website of that organization.

Liferay's sites can be used for a variety of purposes, from corporate websites to company intranets including small sites to collaborate among members of a team. To support all types of collaboration and social scenarios, Liferay's sites support three types of membership types:

Private: Users are not allowed to become members of the site. Site administrators can still manually select users and make them members of the site.
Restricted: Users are allowed to request members of the site and site administrators have to aprove the request. The request can be done from the My Sites application.
Open: Users are allowed to become members of the site at any time. This can be done from the My Sites portlet.

In addition to these memberships, when a site is associated to an organization, all the users of that organization are automatically considered members of the site.

Members of a site can be given additional privileges within the site by using Liferay's permission settings. It is also possible to assign different roles within the site to different members. This can be done through site roles which are defined equal for all sites or teams which are unique for each site.

Liferay's Sites can have two hierarchies of pages: public pages and private pages. A site can have only public pages, only private pages or both. The main difference between the two hierarchies is that private pages can only be accessed by members of the site. For both of them it is possible to restrict access to them in finer detail for each page through the permission system. Public pages and private pages are accessed through a different URL and can have a different look and feel, but they share the same content.

An example of using sites could be a corporate Intranet running Liferay which might have sites for all the organizations in the company: Sales, Marketing, Information Technology, Human Resources, and so on. But what about the corporate health and fitness center? That's something that everybody in the company, regardless of organization, may want to join. This makes it a good candidate for an open and independent site. Similarly, the home page for a corporate intranet should probably be placed in an open independent site so that any member of the portal can access it.

For other kinds of web sites, you may want to use independent sites to bring people together who share a common interest. If you were building a photo sharing web site out of Liferay, you might have independent sites based on the types of photos people want to share. For example, those who enjoy taking pictures of landscapes could join a Landscapes site, and those who enjoy taking pictures of sunsets could join a Sunsets site.

Liferay always provides one default site, which is also known as the main site of the portal. This site does not have its own name, but rather takes the name of the portal. By default the portal name is liferay.com, but this value can be changed through the simple configuration of the setup wizard. The portal name can also be changed at any time through the control panel within Portal Settings.

tip

Tip: Prior to Liferay 6.1, there were two ways of creating sites: organizations and communities. This situation has been simplified to provide more ease of use and allow for more flexibility. The main role of organizations is still or organize the users of the portal in a hierarchy but they can also have associated sites. Communities can still be created through independent sites, but the new name reflects the fact that sites can be used for many different purposes besides communities.

Sites can be created through the control panel, like all administration operations in Liferay. To add a site, click the Sites link on the left side of the control panel in the Portal section, and then click Add in the toolbar. If there is at least one site template available, a dropdown menu will be shown allowing you to select a Blank Site or one of the site templates available. Site templates provide a preconfigured set of pages, applications and content that can be used as the basis of the site.

The following figure shows the form that needs to be filled when creating a Blank Site.

Figure 12.4: Adding a Site

Name: is the name of the site you wish to create.

Description: describes the site's intended function.

Membership Type: can be open, restricted, or private. An open site appears in the My Sites portlet and users can join and leave the site whenever they want. A restricted site is the same except that users can only request membership. A site administrator must then explicitly grant or deny users' requests to join. A private site does not appear in the My Sites portlet, and users must be added to it manually by a site administrator.

Active: determines whether a site is active or inactive. Inactive sites are inaccessible but can be activated whenever a site administrator wishes.

Once you've created a site, it appears in the Sites page of the control panel. Once the site has been created you can specify more details about the site, and these fall under three main categories: Basic Information, Search Engine Optimization, and Advanced.

Figure 12.5: Editing a Site

Details: lets you edit the information you entered when you created the site and allows you to choose a site template for the public or private pages of your site. If you select a site template, leave the Enable propagation of changes from the site template box checked to automatically update your site if the associated site template changes. The update will only be done to pages which have not been changed within the specific site. If you uncheck this box but recheck it later, the template pages are then reapplied to your site, overwriting any changes that may have been made. Only users who have the permission "Unlink Site Template" will be able to disable the propagation of changes. When the propagation is enabled, the site template might prevent modification of all or certain pages to ensure that the propagation occurs.

Categorization: allows you to apply categories and tags to the site.

Site URL: lets you set friendly URLs and virtual hosts for your web site.

Site Template: provides additional information about the site template associated to the pages of the site (if any).

Sitemap: lets you use the sitemap protocol to notify search engines that your web site is available for crawling.

Robots: lets you use a robots.txt file to specify certain pages and links that you don't want to be indexed by search engines. You need to set a virtual host before you set a robots.txt file.

Staging: lets you turn on either Local Live staging or Remote Live staging. To enable staging, the Enable propagation of changes from the site template box on the Details tab must be unchecked. With staging enabled, changes to the site template are automatically propagated to the staged site, not to the live site. The changes still must be approved before the site is published to live.

Analytics: lets you set a Google Analytics ID that is used for your site.

When creating a site from a site template, the initial form provides a new option that lets you decide if you want to copy the pages from the template as public pages or as private pages. By default, the site is linked to the site template, and changes to the site template propagate to any site based on it. A checkbox appears that allows users to unlink the site template if the user has permission to do so.

Site templates are very powerful for managing many similiar sites. Let's look further at how they work.

Site Templates

Site Templates can be administered in the control panel, within the portal section of the left menu.

Creating or modifying a site template is done using the same tools used to manage a site. You can use these tools to add a hierarchy of pages. Each page can have any configuration and any number of applications, just like a regular site. When you create a site using a site template, the configuration of pages and applications are copied from the template to the site. By default, all changes made to the site template are automatically copied to sites based on that template.

Site templates can also contain content just like actual sites. This allows you to use a site template to create sample content that appears in your site when it is first created. Changes to a site template's content, however, are not propagated to existing sites that are linked to the site template.

tip

Tip: If you want to publish a piece of web content to many sites and ensure that modifications are applied to all, don't use site template content for that purpose. Instead, place the content in the global scope and then reference it from a Web Content Display application in each site.

By default, the following site templates are provided:

Community Site: Provides a preconfigured site for building online communities. The home of a community site provides message boards, search, a display of a poll and user statistics of the activity of the members of the community. The site will also be created with a page for a community calendar and a page for a wiki.
Intranet Site: Provides a sample preconfigured site for an intranet. The Home page displays the activities of the members of the site, search, a language chooser and a list of the recent content created in the intranet. It also provides 3 additional pages for Documents and Media, Calendar and external News obtained through public feeds.

The following figure displays the form shown when editing the Community Site template:

Figure 12.6: Site Templates

To view and manage the pages of a site template, click the Open site template link. This opens the template in a new browser window (or tab) and it can be navigated or managed like you would do for a regular site..

For example, let's suppose that we need to create sites for three suborganizations of the Nosester organization: Engineering, Marketing, and Legal. These are to be private sites designed for each organization's internal use. We could design each site separately but we can save ourselves some work if we create a site template to use instead.

To create a site template, navigate to the control panel and click Site Templates. Then click Add and enter a name for your template: we'll use Organization Site Template for our example. Leave the Active and Allow Site Administrators to Modify the Pages Associated with This Site Template boxes checked. The Active box needs to be checked in order for your template to be usable. If your template is still a work in progress, you can uncheck it so that no one uses it until it's ready. Checking Allow Site Administrators to Modify the Pages Associated with This Site Template allows Site Administrators to modify or remove the pages and portlets that the template introduces to their sites--if you want the templates to be completely static, you should uncheck this.

Click on the Open site template link to begin adding pages and portlets and configuring the layouts. For our example, we would like our template to include four pages: a Home page with the Activities, Announcements, and Calendar portlets, a Documents and Media page with the Documents and Media portlet, a Wiki page with the Wiki portlet and a Tag Cloud portlet, and a Message Boards page with the Message Boards and Tag Cloud portlets. The changes are automatically saved as you make them, so once you're finished, return to the Site Templates page of the control panel and select Save.

Figure 12.7: You can see the name of the site template you're currently editing

Now let's create the Engineering, Marketing, and Legal organizations whose sites we want to create with our template. Go to the control panel and click Users and Organizations. Then click the Add button and select Regular Organization. Enter a name for your organization, select the Organization site tab, and check the Create Site box. When you check this box, two drop-down lists appear: one for the site's Public Pages and one for its Private Pages. To use your template to create the site, select the name of your template, Organization Site, from the Private Pages drop-down list. Click Save to create your site. You can view the new site by clicking the Open private pages link from the newly created organization page. The new site will have all the pages and portlets you created in the template. This feature streamlines the site creation process for administrators, making it easy to quickly create sites. Next, let's discuss how to create and apply page templates.

Page Templates

Page templates function similarly to site templates but at the page level. Page templates provide a pre-configured page to reuse. Within a page template it is possible to set up a theme, a layout and specific applications and their configuration. Both sites and site templates can utilize page templates for creating new pages.

Figure 12.8: Page Templates

The Page Templates page of the control panel shows a list of created page templates and lets you create new ones. It also allows you to edit existing templates and configure their permissions. By default three sample page templates are provided:

Blog: provides a page with three applications related to blogging. It has two columns, the main left column contains the blogs portlet and the small right column provides two side portlets, tags cloud and recent bloggers. The tag cloud application will show the tags used within the site and will allow navigating through the blog entries shown in the main blogs portlet.
Wiki: provides a page with three applications related to authoring a wiki. It also has two columns, the main left column with the wiki application and two right side portlets to allow navigating through pages by tags and categories.
Content Display Page: provides a page that is preconfigured to display content. It has three auxiliary applications (tags navigation, categories navigation and search) and an Asset Publisher. The most significant aspect of this page is that the Asset Publisher is preconfigured to be display any web content that is associated with this page. Because of that when creating a web content it will be possible to select any page created from this page template and a unique (canonical) URL for the web content pointing to this page will be created for it.

To add a new page template, click the Add button. Then enter a name and description for your template. Leave the Active button checked. Click Save and then identify your page template in the list. Click its name or use the Actions button to edit the page template. The Open Page Template link opens a new browser window which you can use to configure your new page. Any changes you make are automatically saved so you can close the new browser window once you're done.

Note that after a new page template has been created the default permissions are to only allow the creator to use the page template. In order to provide access to it to other users, use the actions menu in the list of templates and choose Permissions. Once you see the matrix of roles and permissions, check the View permission for the role or roles that are needed to see the page template in the list of available page templates when creating a new page. If you want any user who can create a page to be able to use the page template, just check the View permission for the User role.

Figure 12.9: Selecting a Page Template

To use your template to create a new page, just navigate to a page over which you have site administrator privileges and select Add → Page from the Dockbar. You'll be able to select a page template and type a name for the new page. Alternatively, you can use the control panel. First, in the context selector menu, select the site to which you'd like to add a page and then click on the Site Pages link. Then click the Add Page button, type a name, select your template from the drop down menu, and click Add Page to finish.

Figure 12.10: Choosing whether or not to automatically apply page template changes to live pages

Note that by default, when a site administrator creates a page based on a page template, any future changes to the template are automatically propagated to your page. Site administrators can disable this behavior by editing the page unchecking the Automatically apply changes done to the page template box.

If staging has been enabled, changes to the page template are automatically propagated to the staged page. These changes still need to be approved before the page is published to live. For this reason, the automatic propagation of page template changes to the staged page cannot be turned off and the Automatically apply changes done to the page template checkbox does not appear.

Now that we've looked at site and page templates, let's discuss how to set up and manage user groups.

User Groups

User Groups are arbitrary groupings of users. These groups are created by portal administrators to group users together who don't necessarily share an obvious hierarchical attribute. Users can be assigned to multiple user groups. User Groups are most often used to achieve one of the following goals:

Simplify the assignment of several roles to a group of users. For example, in a University portal, a user group could be created to group all teachers independently of their organization to make it easier to assign one or several roles at once to all the teachers.
Simplify membership to one or more sites by specifying a group of users. Using the previous example, all teachers could be members of the sites University Employees and Students and Teachers Collaboration Site by adding the Teachers user group as a member.
Provide predefined public or private pages to the users that belong to the user group. For example, the Teachers user group could be created to ensure that the home page on all teachers' personal sites has the same layout and applications.

Creating a user group is easy. Navigate to the control panel, click the Users Groups link, and then click the Add button. There are only two fields to fill out: Name and Description. Click Save and you will be redirected back to the User Groups page of the control panel.

Figure 12.11: Creating a New User Group

Note in the figure above how each user group may have a site, with public and private pages. This is a special type of site that determines the base pages on all user group members' personal sites. The user group site works in a similar way to Site Templates, except that in this case the the User Group Site pages are not copied for each user, but are rather shown dynamically along with any custom pages that the user may have on his/her personal site. For this reason, users are not allowed to make any modifications to the pages that are inherited from the user group. Alternatively the administrators of the user group can define certain areas as customizable, just like they can for regular sites. This allows users to decide which applications they want to place in certain areas of each page, as well as change their configuration.

Figure 12.12: User Group Actions

As with the other resources in the portal, you can click the Actions button next to a user group to perform various operations on that group.

Edit: allows you to modify the name or description of the user group.

Permissions: lets you define which roles have permissions to view, edit, delete, assign members to the user group, etc.

Site Permissions: lets you define which roles have permissions to manage the user group site, to specify who can administer its pages, export and import pages and portlet content, manage archived setups, and configure its applications.

Manage Site Pages: allows you to add pages to the user group site, import or export pages, organize the page hierarchy, modify the look and feel of the pages, add a logo, or access other options from the Manage Site interface.

Assign Members: lets you search for and select users in the portal to be assigned to this user group as well as view the users currently belonging to the user group .

Delete: deletes the user group.

If your user group has a site, two options named Go to the Site's Public Pages and Go to the Site's Private Pages also appear as links in your user group's Actions menu. Clicking one of these links opens the user group's site in a new browser window. Any changes you make to the site are saved automatically. You can safely close the browser window when you're done.

Creating and editing a User Group

A user group's site can be administered from the control panel. Select User Groups from the control panel to see a list of existing user groups. To edit a user group, click on its name or description. You can also click on the Actions button to see the full list of actions that can be performed on a user group. When editing a user group, you can view its site, if it exists, by clicking the Open Pages link under Public Pages or Private Pages (read below for details on user group sites).

As an example of how user group sites can be used, let's create a user group called Bloggers along with a simple template. We'll call the site template Bloggers too. It should contain a single Blog page with the Blogs and Recents Bloggers portlets on it. First, navigate to the User Groups page of the control panel. Then click Add and enter the name Bloggers for your user group, and optionally, a description. Click Save to create your user group.

Our next step is to assign an existing user to the Bloggers group.

Assigning Members to a User Group

Navigate to Users and Organizations and create a new user called Joe Bloggs. Then navigate to the User Groups page of the control panel and click Actions → Assign Members next to the Bloggers group. Click the Available tab to see a list of users that can be assigned to the group.

Figure 12.13: Assigning Members to a User Group

From that list, one or more users can be selected to be assigned as members of the user group.

For example, by default, newly created users are given Welcome pages on the public pages portion of their personal sites. This Welcome page contains the Language, Search, and Blogs portlets. You can see the effect of the Bloggers site template on the public pages of Joe Bloggs's personal site in the figure above. When Joe Bloggs was added to the Bloggers group, he received a Blogs page with the Blogs and Recent Bloggers portlets.

After the user group has been created and several users have been added to it, you can add all those users at once as members of a site in one step from the Site Memberships UI of the site. You can also use the user group when assigning a role to users from the roles management UI.

The next section describes a more advanced usage of user groups: User Group Sites.

User Group Sites

Liferay allows users to each have a personal site consisting of public and private pages. Permissions can be granted to allow users to customize their personal sites at will. Originally, the default configuration of those pages could only be determined by the portal administrator through the portal-ext.properties file and, optionally, by providing the configuration in a LAR file. You can still configure it like this, but it isn't very flexible or easy to use.

By using User Group Sites, portal administrators can add pages to the personal sites of all the users who belong to the site in an easy and centralized way. All the user group site's public pages are shown as part of the user's public personal site. All the user group site's private pages are shown as part of the user's private site. If a user belongs to several user groups, all of its pages are made part of his public and private site. In an educational institution's portal, for example, teachers, staff, and students could get different default pages and applications on their personal sites.

The pages that a user personal site inherits from a User Group still belong to the User Group and thus cannot be changed in any way by the users. What the user group administrators can do is define certain areas of the pages as customizable to allow the users to choose which applications and what configuration should be shown in those areas. If a user has permission to add custom pages to his/her personal site, besides those inherited from a user group, the custom pages are always shown last.

Since the inheritance of pages is done dynamically, this new system introduced in Liferay 6.1 can scale to hundreds of thousands of users or even millions of them without an exponential impact in performance. Previous versions of Liferay used a different technique that required that the user group pages were copied to each user's personal site. For portals upgrading from previous versions of Liferay, you can keep the old behavior, but it has been left disabled by default. You can enable it by adding the following line to your portal-ext.properties file:

user.groups.copy.layouts.to.user.personal.site=true

When this property is set to true, once the template pages have been copied to a user's personal site, the copies may be modified by the user. Changes done to the originals in the User Group will only affect new users added to the user group. Users with administrative privileges over their personal sites can modify the pages and their content provided that the Allow Site Administrators to Modify the Pages Associated with This Site Template box has been checked for the template. When a user is removed from a user group, the associated pages are removed from the user's personal site. Moreover, if a user is removed from a group and is subsequently added back, the group's template pages are copied to the user's site a second time. Note that if a user group's site is based on a site template and an administrator modifies the user group's site template after users have already been added to the group, those changes only take effect if the Enable propagation of changes from the site template box for the user group was checked.

tip

Tip: Previous to Liferay 6.1, pages from different user groups could be combined on users' personal sites by using a naming convention. Liferay 6.1 simplifies the way user groups' sites work by disallowing page combination. Set the property user.groups.copy.layouts.to.user.personal.site to true if you depend on that functionality.

You can create a user group's site manually or base it on a site template. To create a user group's site manually, use the Actions menu mentioned above and choose Manage Site Pages. You can add a new public or private page by selecting the appropriate tab and then clicking the Add Page button. Once the user group has at least one public or private page in place, you can go back to the Actions menu and click on the Go to the Site's Public Pages or Go to the Site's Private Pages link to open the user group's site in a new browser window. In the new window, you can add more pages and portlets and configure site settings.

You can also base a user group's site on a template. When editing a user group, use the Public Pages and Private Pages drop down lists to select a site template. Leave the Enable propagation of changes from the site template box checked to automatically update users' personal sites if the associated site template changes. If you uncheck this box but recheck it later, the template pages are copied to the users' sites, overwriting any changes they may have made. You can allow users to make changes to the pages they receive from the user group by enabling the customization options on each page.

This flexibility lets you achieve almost any desired configuration for a user's personal site without having to modify it directly. When a user is assigned to a user group, the configured site pages are copied directly to the user's personal site.

Following with the example above, we will create a site for our sample user group. Edit the Bloggers group. Choose an existing Site Template from the drop down menu for the user group's public pages and click Save. After the page reloads you can click to see the pages and make any changes desired, add additional pages, etc.

Figure 12.14: Selecting a Template for the User Group Site

Also, try visiting the public site of one of the users that belong to the user group. You will see how all of the pages in the user group appear as part of the user site, including the ones copied from the site template and the ones added afterwards.

Roles

Roles are groupings of users that share a particular function within the portal, according to a particular scope. Roles can be granted permissions to various functions within portlet applications. You can think of a role as a description of a function, such as Message Board Administrators. A role with that name is likely to have permissions relevant to the specific Message Board portlets delegated to it. Users who are placed in this role will inherit these permissions.

The roles page of the control panel serves as a single interface which lets you create roles, assign permissions to them, and assign users to the roles. Roles can be scoped by portal, site, or organization. To create a role, click the Roles link, and then click the Add button. You can choose a Regular, Site, or Organization role. A regular role is a portal-scoped role. Make a selection and then type a name for your role, a title, and a description. The name field is required but the title and description are optional. If you enter a name and a title, the title will be displayed in the list of roles on the Roles page of the control panel. If you do not enter a title, the name will be displayed. When you have finished, click Save.

Figure 12.16: Roles Page and Role Actions Menu

After you save, Liferay redirects you to the list of roles. To see what functions you can perform on your new role, click the Actions button.

Edit: lets you change the name, title, or description of the role.

Permissions: allows you to define which users, user groups, or roles have permissions to edit the role.

Define Permissions: defines what permissions this role grants. This is outlined in the next section.

Assign Members: lets you search and select users in the portal to be assigned to this role. These users will inherit any permissions that have been assigned to this role.

View Users: allows you to view the users who have been assigned to this role.

Delete: permanently removes a role from the portal.

Next, let's examine how to configure the permissions granted by different roles.

Defining Permissions on a Role

Roles serve as repositories of permissions to be assigned to users who belong to them. So, to use a role, you need to assign members to it and define the permissions that you want to grant to members of the role.

Figure 12.17: Defining Permissions on a Role

When you click the Actions button on portal-scoped role and select Define Permissions, you will be shown a list of all the permissions that have been defined for that role. Click the Add Permissions drop-down menu to see a list of the permissions that can be defined. As of Liferay version 6.1, these permissions fall into seven categories: Portal, Site Content, Site Application, Control Panel: Personal, Control Panel: Site, Control Panel: Portal, and Control Panel: Server. For non-portal scoped roles, you need to click on the Options link on individual portlets, then Configuration, then Permissions to assign permissions within the site or organization that owns the portlet.

Portal permissions cover portal-wide activities that comprise several categories, such as site, organization, location, password policy, etc. This allows you to create a role that, for example, can create new sites within the portal. This would allow you to grant users that particular permission without making them overall portal administrators.

Site Content permissions cover the content that the installed portlets create. If you pick one of the portlets from this list, you'll get options for defining permissions on its content. For example, if you pick Message Boards, you'll see permissions for creating categories or threads, or deleting and moving topics.

Site Application permissions affect the application as a whole. So, using our Message Boards example, an application permission might define who can add the Message Boards portlet to a page.

The control panel permissions affect how the portlet appears to the user in the control panel. Some control panel portlets have a Configuration button, so you can define who gets to see that, as well as who gets to see an application in the control panel.

Figure 12.18: Message Board Content Permissions

Each possible action to which permissions can be granted is listed. To grant a permission, check the box next to it. If you want to limit the scope of the permission to a particular site, click the Limit Scope link, and then choose the site. Once you have chosen the permissions granted to this role, click Save. For a portal-scoped Message Boards Administrator role, you might grant content permissions for every action listed. After you click Save, you will see a list of all permissions that are currently granted to this role. From here, you can add more permissions or go back by clicking a link in the breadcrumb list or the Return to Full Page link.

Roles are very powerful, and allow portal administrators to define various permissions in whatever combinations they like. This gives you as much flexibility as possible to build the site you have designed.

Special Note about the Power Users Role

Prior to Liferay 6.0, the default configurations of many Liferay portlets allowed power users, but not regular users, to access them. Liferay 6.0 and subsequent versions grant the same default permissions to both power users and regular users. This way, portal administrators are not forced to use the power users role. However, Liferay encourages those who do to create their own custom permissions for the role.

tip

Note: Prior to Liferay version 6.0, Power Users and Users did not have the same default permissions. So if are using Liferay 5.2 or a previous version, it's dangerous to remove the Power Users role from the default user associations: this could remove certain permissions that you expect to apply to all users. If you decide to remove the Power Users role from the default user associations anyway, you will probably want to modify the permissions on certain portlets to make them accessible to all users. To do this, see the section on Plugins Configuration below.

Liferay 6.0 introduced a new feature to Liferay's permissions system: teams. Let's examine them next.

Teams

Teams don't appear as a link in the control panel because they exist within sites. Teams allow site administrators a greater degree of flexibility than was possible using just user groups and roles. They allow site administrators to create various sets of users and permissions for site-specific functions. Teams are the preferred method for collecting permissions within a single site.

If you create a team for one site, the permissions defined for it are not available to any other sites. In contrast, if you assigned a custom role to a user group, the role would be available portal-wide even though the specific permissions defined by it would only apply within the scope of a designated site. Furthermore, team members, unlike user group members, are guaranteed to be members of the desired site.

To create a team within a site, first naviagte to the Control Panel → Sites page then and then select Actions → Manage Memberships for the site within which you want to create a team. Finally, click View → Teams and click the Add Team button.

Figure 12.19: Creating a Team within a Site

After you've clicked the Add Team button and entered a name and a description, click Save. Your new team will appear in the list. To add members, simply click on Actions → Assign Members.

Permission management for teams is handled at the individual portlet level, using the Options → Configuration → Permissions tab of the portlet itself. Remember that the portlet options link is the wrench symbol at the top of a portlet. This enables users who wouldn't have access to all of the necessary options in the control panel to manage permissions through teams.

Assigning Portlet Permissions to a Team

To give a team access to a particular portlet function, access the Permissions tab of a portlet residing on a page, check the boxes corresponding to permissions you want to assign to the teams, and then click Save. That's it! Now your team is ready to perform their functions. Next, let's look at how to configure Liferay's portal settings.

Liferay in Action

Contact Us