I have a workflow that translates content when clicking on a button being rendered in the document form editor. I look at the workflow configuration which I believe it’s associated to that button at /hippo:configuration/hippo:workflows/translations-workflow and see the following:
If I change hipposys:privileges value to hippo:admin I manage to make it visible only to admin accounts (as they have that privilege associated in their group (via the admin role that contains the hippo:admin privilege).
The issue I’m having is that I need to make that button only visible to a special type of editors. I wanted to try to achieve this using userroles but the configuration node shown above only recognizes hipposys:privileges property (not userroles nor roles). Is there a way to achieve this?
Could you create a separate group for the “special type of editors”? They can have the same permissions as editors but also be giving the priviledges to translations-workflow. Would this work for you?
We currently have a viewer group, an editor group (with author and editor privileges because these users create/edit content and also publish/unpublish it) and, of course, the reserved admin group.
I wanted to create an extra group or extra userrole to have “special editors” who can access that workflow but only them.
The problem I’m facing is that I don’t know what are the right types of privileges to use. One of the uses is that I think that the list of privileges available are not documented. There is a reference in the documentation that has the list of standard privileges coming from jcr (jcr:read, jcr:write, etc). But I can’t see the list of the ones that belong to bloomreach (hippo:admin, hippo:rest…).
I was considering to create one privilege of my own (that is why I was tring userrole approach) but that doesn’t seem feasible (or I haven’t find the way to do it).
Would you know where to find the list of privileges that come from bloomreach?
Or maybe if I could create one of my own?
I was also exploring a way to do this via domain rules but I’m a bit lost there at the moment.
The default userroles have short descriptions that can be seen in a compact view by navigating in the CMS > Settings > brXM User Management > Userroles. Essentially, the security domains are comprised of facets on the nodes providing certain permissions. I would recommend trying something simple to get accustomed to the domain definitions. (e.g. restricting access to a content folder)
You can add new userroles or customize the existing userroles. They should be related to a security domain that determines which permissions the users will have on specific nodes within the JCR.