Content Access Rights Management Rules - Fluid Topics - 3.8

Fluid Topics Configuration and Administration Guide

Category: Reference Guides
Audience: public
Version: 3.8

Content access rights can originate from three sources:

  1. The connector (access rights set in the archive published to the portal)
  2. The default group (as defined in the Content access rights interface)
  3. A specific rule (as defined in the Content access rights interface)

Three levels of rights exist:

  • public (built-in)
  • authenticated (built-in)
  • custom groups



- Fluid Topics manages content access rights at the document level.

- All topics inherit rights from the document to which they belong.

- It is not currently possible to assign rights on a per-topic basis.

When a user publishes a document to the portal, Fluid Topics defines its access rights as follows:

[Figure: Content Access Rights rule description]

Step 1 - the connector rights are resolved

  • Case A: If the connector did not define any rights or defined public, then the Default group applies.

    Example: A document has its access rights set to public, and the default group in Fluid Topics is Technicians. The Technicians group prevails over public. Once published in Fluid Topics, the document is only accessible to Technicians.

  • Case B: If the connector defined authenticated, and if the default group is a custom group, then the Default group applies.

    Example: A document has its access rights set to authenticated, and the default group in Fluid Topics is Technicians. The Technicians group prevails over authenticated. Once published in Fluid Topics, the document is only accessible to Technicians.

  • Case C: If neither Case A nor Case B applies, and both the connector and the default group define a group, then the groups are aggregated.

    Example: A document has its access rights set to Maintenance, and the default group in Fluid Topics is Technicians. The Technicians and Maintenance groups are aggregated. Once published in Fluid Topics, the document is accessible to users belonging to the Technicians or Maintenance groups.

Step 2 - the document resulting from Step 1 is compared to the rules defined in Fluid Topics

If a document matches several rules defined in Fluid Topics:

  • If a rule is set to public, then the access right is public.
  • If a rule is set to authenticated, then the access right is authenticated.
  • Otherwise, all the rule groups are aggregated into one rule, e.g., Technicians and Maintenance.

Step 3 - the rule computed during Step 2 is applied to the document

  • If the document is restricted to groups, and the user applies a rule to a list of groups, then the groups are aggregated.

    Example: The document access level is restricted to the Maintenance group, and its metadata key Category is set to Technical_Documents. A rule in Fluid Topics limits access to Technical_Documents to the members of the Technicians group. Thus the Technicians and Maintenance groups are aggregated. Once published in Fluid Topics, the document is accessible to users belonging to the Technicians or Maintenance groups.

  • Otherwise, the rule calculated in Step 2 prevails.

A document restricted to several groups is restricted to users belonging to at least one of the groups.
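
The three steps above can be modelled as a small function to check what a given combination of connector rights, default group and rules resolves to. This is an added example, not Fluid Topics code: the function names are hypothetical, and the two branches marked ASSUMPTION cover combinations this page does not describe.

```python
# Added example (not Fluid Topics code): model of the three-step resolution.
PUBLIC, AUTHENTICATED = "public", "authenticated"

def is_groups(rights):
    # Custom groups are modelled as a frozenset of group names.
    return isinstance(rights, frozenset)

def step1(connector, default):
    """Step 1: resolve the connector rights against the default group."""
    if connector is None or connector == PUBLIC:            # Case A
        return default
    if connector == AUTHENTICATED and is_groups(default):   # Case B
        return default
    if is_groups(connector) and is_groups(default):         # Case C
        return connector | default
    return connector  # ASSUMPTION: the page does not cover this combination

def step2(matching_rules):
    """Step 2: merge every rule the document matches into one rule."""
    if not matching_rules:
        return None  # ASSUMPTION: no matching rule keeps the Step 1 result
    if PUBLIC in matching_rules:
        return PUBLIC
    if AUTHENTICATED in matching_rules:
        return AUTHENTICATED
    return frozenset().union(*matching_rules)

def step3(document, rule):
    """Step 3: apply the merged rule to the Step 1 result."""
    if rule is None:
        return document
    if is_groups(document) and is_groups(rule):
        return document | rule   # groups are aggregated, never intersected
    return rule                  # otherwise the rule prevails

def resolve(connector, default, matching_rules):
    return step3(step1(connector, default), step2(matching_rules))

def can_access(rights, user_groups, logged_in=True):
    """A user needs at least one of the document's groups."""
    if rights == PUBLIC:
        return True
    if rights == AUTHENTICATED:
        return logged_in
    return bool(rights & frozenset(user_groups))

if __name__ == "__main__":
    maint, tech = frozenset({"Maintenance"}), frozenset({"Technicians"})
    print(resolve(maint, PUBLIC, [tech]))           # connector group + group rule
    print(resolve(maint, PUBLIC, [tech, PUBLIC]))   # one public rule prevails
```

Because aggregation is a union, every additional group or rule widens the audience, and a matching rule set to public prevails over a group restriction coming from the connector.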

Example of a document with access rights configured in the content and with one rule in Fluid Topics

The document Time Machine Configuration Guide was uploaded to Fluid Topics.

It was published with the following DITA map: _time_machine_conf_guide.ditamap

Its access level is restricted to the Maintenance group with a Fluid Topics Control File:

<?xml version='1.0' encoding='utf-8'?>
<controlFile>
  <resources>
    <resource>
      <filePath>_time_machine_conf_guide.ditamap</filePath>
      <rights>
        <accessLevel>restricted</accessLevel>
        <groups>
          <group>Maintenance</group>
        </groups>
      </rights>
    </resource>
  </resources>
</controlFile>

A user creates a rule in the Content access rights administration interface restricting access to the dita:mapPath _time_machine_conf_guide.ditamap to the group Technicians.

[Figure: A rule being created in the Content access rights interface]

In this example, the dita:mapPath was used to identify the document. However, any metadata key associated with the document or group of documents can be used to create a rule.

Saving the configuration in the Content access rights interface launches a reprocessing job. Once all content has been reprocessed, the Time Machine Configuration Guide document is only accessible to users belonging to the Technicians or Maintenance groups.

Example of a document with access rights configured with two rules in Fluid Topics

The document Time Machine Configuration Guide was uploaded to Fluid Topics. It has four different variants:

Variant      Audience   Version
Variant 1    Novice     1.0
Variant 2    Novice     2.0
Variant 3    Expert     1.0
Variant 4    Expert     2.0

It was published with the following DITA map: _time_machine_conf_guide.ditamap

A user creates two rules in the Content access rights administration interface: one restricting access to documents with the Audience set to Expert, and one restricting access to documents with the Version set to 2.0, both to the group Technicians.

[Figure: Two rules created for content access rights]

Saving the configuration in the Content access rights interface launches a reprocessing job. Once all content has been reprocessed, all documents matching Version = 2.0 OR Audience = Expert are only accessible to users belonging to the Technicians group. In our example, this corresponds to the following variants of the Time Machine Configuration Guide document:

  • Variant 2 because Version = 2.0
  • Variant 3 because Audience = Expert

  • Variant 4 because Audience = Expert and Version = 2.0

Content access rights management relies on specific rules within Fluid Topics.