This unit takes a quick look at the security basics of Magnolia. Includes a video on adding new users.
Basic security settings are handled by powerful Security app.
Magnolia CMS has two different user types.
- Users - A user is a standard Magnolia account. Users are generally editors and publishers.
System users - Out-of-the-box Magnolia is configured with two system users:
- Superuser is a standard administrator account with full access to Magnolia CMS.
- Anonymous usually has read-only access to public instances of Magnolia. (If no successful login is registered, the anonymous user is used.)
What is a group?
Users with similar privileges are organized into groups. Permissions granted to a group are inherited by user in the group. A group can have any number of groups and any number of roles assigned to it. You can create groups as required.
What is a role?
A user's role contains the access rights settings in form of ACLs. A role reflects the actions and activities associated with a user. For example, an editor will not need many of the privileges associated with being an administrator. Users can have multiple roles and you create roles as required.
How do I add a new user to the system?
Access to content in Magnolia is controlled through Users, Groups and Roles - accessed via the Security app.
Can security restrictions be applied to apps?
Yes. As part of your provisioning process you can use ACLs to determine what apps are available to users. See
Further security measures can be implemented at an app level in the Configuration app.
What kinds of security checks are performed by the system when a user tries to log in?
The system performs two checks;
The most basic check the system performs is that someone has access to a particular URL.
- Filter chain
Content based security is defined per workspace.
Content security and acls are checked in the filter chain, after determining which workspace and what path within need to be accessed(Is the user allowed to access form website the path /demo-project? Is the user allowed to access in the dam/assets workspace allowed to access /marketing/images? etc.)
IP and HTTP method configuration provides the ability to configure the IP addresses.
The next modules teaches you how to set up a Magnolia CMS project using recommended technologies.