logo
logo

User group combinations examples

User groups allow superusers to configure security policies for groups of users who require the same access. All the policies assigned to a user group apply to all the group members.

First example

In this example, we create three user groups:

Local Content Creators

Create the Local Content Creators user group:

  1. Click to navigate to the Manage page.

  2. Select Users.

  3. On the Users page, click User groups.

  4. On the User groups page, click Add user group.

  5. In the User group properties add:

    • Name: define a name for the user group. In this example, we input Local Content Creators.

    • Users: add any existing users to the user group by clicking Add.

    • Modules: define which modules that the user group is to access. In this example, we click Media and Product.

    • Homepages: define which custom homepage the user group is to be assigned. If left blank, the user group is assigned the default homepage.

  6. Click Save.

Add rules for Local Content Creators

Set the rules for the Local Content Creators user group:

  1. Click to navigate to the Manage page.

  2. Select Users.

  3. On the Users page, click User groups.

  4. On the row for LocalContentCreators, click policies .

  5. Click New rule.

  6. On the New rule dialog box, select M.Asset and M.File.

  7. Click OK.

  8. Click Add condition.

  9. On the Choose definition dropdown menu, select Status (M.Final.LifeCycle.Status).

  10. Click Select.

  11. On the Select items dialog box, select Created and Rejected.

  12. Click Select.

  13. The rules for Asset (M.Asset) are:

    • Read
    • Create
    • Update
    • Delete
    • Submit
    • DownloadOriginal
    • DownloadPreview
    • AddVersion
    • CreateAnnotations
    • ReadAnnotations
    • ViewNotWatermarked
    • ViewFileHistory
    • CreateUserRendition
    • DownloadUserRendition
  14. Click Only entities created by current user.

  15. Click Save.

  16. The policy is saved.

France Market Content Creators

The France Market Content Creators user group, is used to hold specific Market permissions: in this case, France.

Create the France Market Content Creators user group, repeating the steps described in Local Content Creators but inputting the name of France Market Content Creators in step 5.

Add rules and policy for France Market Content Creators

Complete the Add rules steps used previously (steps 1 to 5), and then add the following:

  1. On the New rule dialog box, select M.Asset and M.File.

  2. Click OK.

  3. Click Add condition.

  4. On the Choose definition dropdown menu, select Market (M.PCM.Market).

  5. Click Select.

  6. On the Select items dialog box, select France.

  7. Click Select.

  8. The rules for Asset (M.Asset) are:

    • Read
    • Create
    • Update
    • Delete
    • Submit
    • DownloadOriginal
    • DownloadPreview
    • AddVersion
    • CreateAnnotations
    • ReadAnnotations
    • ViewNotWatermarked
    • ViewFileHistory
    • CreateUserRendition
    • DownloadUserRendition
  9. Click Save.

General Content Creators

The General Content Creators user group holds read rights to the different pages that are required to have a content creator role. These pages include: Sitecore Digital Asset Management (DAM)™ Create page, Sitecore Content Marketing Platform (CMP)™ content creation, Sitecore CMP Work page, and so on. and general read-only download permission for all assets in Sitecore DAM without having specific market permissions.

  1. Complete steps 1 to 5 completed when setting up the Local Content Creators user group.

  2. On the New rule dialog box, select Portal page (Portal.Page).

  3. Click OK.

  4. Click Add condition.

  5. On the Choose definition dropdown menu, select Portal page (Portal.Page).

  6. On the Select items dialog box, select:

    • Home/ Assets

    • Home/ Create

    • Home/ Content

    • Home/ Content/ Content create

    • Home/ Content/ Content detail

    • Home/ Content/ Strategy/ Content strategy create

    • Home/ Asset details

    • Home/ User/ Downloads

    • Home/ DRM/ Download options

    • Home/ Share via email

    • Download search assets

  7. Select Read access.

  8. Click Save.

  9. Click New rule.

  10. On the New rule dialog box, select M.Asset and M.File.

  11. Click OK.

  12. Click Add condition.

  13. On the Choose definition dropdown menu, select M.Content.Repository.

  14. Click Select.

  15. On the Select items dialog box, select Standard.

  16. Click Add condition.

  17. On the Choose definition dropdown menu, select M.Final.LifeCycle.Status.

  18. Click Select.

  19. Select the following access:

    • Read

    • DownloadOriginal

    • DownloadPreview

    • ReadPublicLinks

    • ViewNotWatermarked

  20. Click Save.

Policy combination

Create a user for this user group.

Add the user to the following user groups:

  • Everyone (all users are added to this user group by default)
  • General Content Creators
  • France Market Content Creators
  • Local Content Creators

We are going to create the rule combination of:

  • Any combination of the rules from the user groups:

    • Everyone
    • General Content Creators
  • All combination of the rules from the user groups:

    • France Market Content Creators
    • Local Content Creators

To create this rule combination, complete the following steps:

  1. Click Add to user group.

  2. On the Select items dialog box, selectGeneral Content Creators.

  3. Click Select.

  4. In the Policy combinations, click Add item to add theGeneral Content Creators user group.

  5. Click Add to user group.

  6. On the Select items dialog box, select France Market Content Creators and Local Content Creators.

  7. Click Select.

  8. Click Add set.

  9. In the new set, click Add item to add the Local Content Creators user group.

  10. Click Add set.

  11. In the new set, click Add item to add the France Market Content Creators user group.

  12. Click Save.

Explanation

The user has read-only download rights for all assets, from all markets, but the user can also upload, create and submit content for review only in the market of France.

Example 2

In the following example, we use four user groups:

  • A generic user group with Read permissions. In this example, we use the M.Builtin.Readers user group.
  • General Reviewer
  • Germany Market Content Reviewers
  • Reviewers

These groups hold Portal.Page and Settings access and permissions that are not specific for a localized market and those permissions particular to the German market.

The user groups are assigned to a user with the following policy combination:

  • Rule Combination set to ANY:
    • Everyone
    • M.Builtin.Readers
    • General Reviewer
  • Rule Combination set to ANY:
    • Germany market users
    • Reviewers

The user has read-only download rights to all assets from all markets. The user can review, annotate, approve, and reject assets from the product market of Germany.

Germany Market Content Reviewers

The Germany Market Content Reviewers user group provides the members of the user group with permissions that are specific for the product market of Germany. The settings for this user group are as follows:

Rule

Conditions

Permissions

  • Asset (M.Asset)

  • File (M.File)
  • M.PCM.Market: Germany
  • Read
  • Update
  • Approve
  • CreateAnnotations
  • ReadAnnotations
  • ViewNotWatermarked
  • ViewFileHistory
  • CreateUserRendition
  • DownloadUserRendition
  • Asset (M.Asset)

  • File (M.File)
  • M.Final.LifeCycle.Status: Created
  • M.Final.LifeCycle.Status: Rejected
  • M.Final.LifeCycle.Status: UnderReview
  • Read
  • Update
  • Approve
  • CreateAnnotations
  • ReadAnnotations
  • ViewNotWatermarked
  • ViewFileHistory
  • CreateUserRendition
  • DownloadUserRendition

General Reviewer

The General Reviewer group holds Read rights to the different pages required to have the role of a Reviewer and general Read and Download permissions for all assets in the DAM without specific Market permissions.

Rule

Conditions

Permissions

  • Asset (M.Asset)

  • File (M.File)
  • M.Final.LifeCycle.Status: Created
  • M.Final.LifeCycle.Status: UnderReview
  • M.Content.Repository: Standard
  • Read
  • DownloadOriginal
  • DownloadPreview
  • ReadAnnotations
  • CreatePublicLinks
  • ViewNotWatermarked
  • ViewFileHistory
  • CreateUserRendition
  • DownloadUserRendition
  • Portal page (Portal.Page)
  • Portal page: Home / Review
  • Portal page: Home / Assets
  • Portal page: Home / Asset details
  • Read

Reviewers

The Reviewers user group uses the following policy:

Rule

Conditions

Permissions

  • Asset (M.Asset)

  • File (M.File)
  • M.Final.LifeCycle.Status: UnderReview
  • M.Final.LifeCycle.Status: Rejected
  • M.Final.LifeCycle.Status: Created
  • M.Final.LifeCycle.Status: Approved
  • M.Content.Repository: Standard
  • Read
  • Update
  • Approve
  • DownloadOriginal
  • DownloadPreview
  • CreateAnnotations
  • ReadAnnotations
  • ViewNotWatermarked
  • ViewFileHistory
  • CreateUserRendition
  • DownloadUserRendition

The result of this is that two assets have been created and submitted for approval:

  • arno-smit-141735.jpg: this asset has the Product Market of Germany. The demo user can approve or reject this asset.

  • alison-marras-323013.jpg: this asset has the Product Market of France. The demo user cannot approve or reject this asset.

On the Review page, we can see the impact of the user group policy combination.

Can we improve this article ? Provide feedback