Overview
Security in rockumentation follows the precedence set forth by Sites
and Pages in Rock. As a refresher of that concept, the root page
inherits security from the site and child pages inherit security from
their parent page.
In our context, the Book is the main security force. All book
Version's inherit their security from the Book. Underneath the version
comes the root article, which inherits it's security from the version.
Finally, any child articles inherit security from their parent article.
What this means, is that you can secure individual articles or entire
trees of articles. On top of that, you can lock down a single version
of a book. For example, when you publish a new version of a book, you
might decide to lock down the prior version so your normal editors can
no longer edit.
Default Security
When you install the plugin, two security roles are added for you.
The first is the RSR - Documentation Administrator
role.
This role is granted access to create, edit and administrate
documentation. Generally speaking, this role has access to do anything
with books, versions and articles.
The second role is RSR - Documentation Editor
. This role
is granted limited access to make changes. Generally speaking, they are
only allowed to edit existing articles. They cannot create new books,
versions or articles.
Security Model
In the following sections you will learn how the security model works
with the different entity types. With this knowledge you can begin to
customize the security to create your own security roles with specific
access.
In all cases, view access follows the normal View security permissions.
Books
To create new books, you must have Administrate access to the DocumentationBook
entity type (this can be set under Security, Entity Administration).
In order to delete existing books, you will need Administrate access to the book you are attempting to delete.
If you want to edit an existing book, you also need Administrate access to the book in question.
Important
This is a deviation from the normal need of Edit access. This is done because editing a book is considered an administrative change, and also to allow for easier security inheritance
Versions
To add a new version of a book, you must have Administrate access to the book that will contain the version.
Deleting an existing version of a book will require that you have
have Administrate access to the specific version you are deleting.
In order to edit an existing version, you also need Administrate access to the version in question.
Important
This is a deviation from the normal need of Edit access. This is done because editing a version is considered an administrative change, and also to allow for easier security inheritance.
Articles
Creating a new article requires Administrate permission on the parent article that will be the parent of the new article.
If you attempt to delete an article, you will need to have Administrate permission on the article to be deleted.
In order to edit the contents of an article, the user must have Edit
access. In addition, to edit other aspects of the article (such as
title), the user must have Administrate access to the article.