Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-93744

Create configuration option to not automatically apply owner permissions to web content author


    • Type: Feature Request
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:



      When creating a piece of web content, the user who created it is automatically given Owner permissions for that piece of content (see https://imgur.com/a/RWiHPRc for an example of Owner permissions being applied automatically). This was initially raised in Enterprise support, so we're aware that this is intended functionality but feel that this behaviour is not consistent with other parts of the roles and permissions framework in certain cases. The specific behaviour that our client wants illustrates the inconsistency.

      We have a user to whom is assigned a Role, "A", which allows for creating and editing Web Content items but NOT deleting them or modifying the permissions on them. However, when this user creates a piece of web content, they are automatically given Owner permissions over that content item, bypassing the restrictions enforced by the role. For legal/regulatory reasons due to the nature of our client's content, it is a necessary part of their business process that none of this web content can be deleted by users with this role. (And by extension, users with this role can't have the permissions to modify the permissions on that content item since they could use this to allow unauthorised roles to delete the content). In order to enforce this business rule, we need the option to automatically prevent the user from being given full owner permissions over content they have created, and instead falling back to the user's own permissions.

      Since many users of Liferay will be using it to hold sensitive or classified information, there will likely be many other users who also need to implement similarly restrictive permissions over their content. For this reason, we believe that the option of whether or not to automatically give the user full permissions over content that they create should be configurable at a system level




            support-lep@liferay.com SE Support
            rob.march Rob March
            0 Vote for this issue
            0 Start watching this issue




                Version Package