Groups
Groups are sets of users with a common organizational or functional responsibility. Users which are member of a group automatically inherit all its userroles and the roles granted to it within specific security domains.
Groups Configuration
The groups are stored in the repository under path /hippo:configuration/hippo:groups as children of hipposys:groupfolders nodes. These folders can be nested in the same way as user folders. A group is represented by a single node with the group name used for the node name. The members of the group are stored in the multi valued property hipposys:members and are referenced by their name, which is equal to the user its node name.
Although the group node type has a hipposys:groups property, nested groups are not (yet) supported.
Groups can be managed by the CMS or synchronized with an external source like LDAP. For groups that are managed from the CMS the hipposys:group node type is used. For externally managed users the hipposys:externalgroup type can be used. The hipposys:securityprovider property specifies which security provider manages the group. For CMS managed groups the provider is internal.
If a group is marked as a system group by setting the property hipposys:system to true, the group is protected and hidden from the CMS setup management UI.
Node type definitions
hipposys:group
[hipposys:group] > nt:base - hipposys:securityprovider (string) = 'internal' mandatory autocreated - hipposys:system (boolean) - hipposys:members (string) multiple - hipposys:groups (string) multiple - hipposys:description (string) - hipposys:userroles (string) multiple
|
Name |
Type |
Required |
Description |
|---|---|---|---|
|
node name |
String |
yes |
the group name |
|
hipposys:system |
Boolean |
no |
Can be used to indicate that the group is a system group and should be hidden from the Bloomreach Experience Manager group management. |
|
hipposys:members |
String |
yes |
the username of the user that is member of the group. Multiple hipposys:members can be set with each containing one username. |
| hipposys:groups | String | no | not used/implemented |
|
hipposys:description |
String |
no |
A description of the group |
| hipposys:userroles | String | no | The set of userroles assigned to the group |
hipposys:externalgroup
[hipposys:externalgroup] > hipposys:group - hipposys:syncdate (date) - * (string)
hipposys:groupsfolder
[hipposys:groupfolder] > nt:base + * (hipposys:group) = hipposys:group + * (hipposys:groupfolder) = hipposys:groupfolder
Example group configuration
/hippo:configuration:
/hippo:groups:
/admin:
jcr:primaryType: hipposys:group
hipposys:members: [ admin ]
hipposys:userroles: [ xm.default-user.system-admin ]
/mygroup:
jcr:primaryType: hipposys:group
hipposys:members: [ ann, robbert, mary ]
hipposys:userroles: [ my.author ]
Default provided groups
| name | userrole | members | system | description |
| author | xm.default-user.author | no | members of this group can edit content | |
| editor | xm.default-user.editor | no | members of this group can edit and (de)publish content | |
| webmaster | xm.default-user.webmaster | no | members of this group can edit the HST configuration and configure channels | |
| admin | xm.default-user.system-admin xm.repository-browser.user |
no | members of this group have all privileges | |
| cms-admin | xm.default-user.cms-admin | no | members of this group have CMS administrative privileges | |
| everybody | * | yes | every logged in user is automatically member of this group |