Trados Business Manager
Speech to Text
Managed Translation - Enterprise
Translation Management Connectors
Language Weaver Connectors
Language Weaver Edge
Tridion Docs Developers
RWS User Experience
Internal Trados Studio Ideas
RWS Community Internal Group
RWS Access Customer Portal
RWS Professional Services
RWS Training & Certification
RWS Enterprise Technology Partners
Trados Academic Partners
Trados Approved Trainers
ETUG (European Trados User Group) Public Information
Machine Translation User Group
Nordic Tridion Docs User Group
Tridion Docs Europe & APAC User Group
Tridion UK Meetup
Tridion User Group Benelux
Tridion User Group New England
Tridion User Group Ohio Valley
Tridion West Coast User Group
WorldServer User Group
Trados GroupShare Ideas
Trados Studio Ideas
Language Weaver Ideas
Language Weaver Edge Ideas
RWS Language Cloud TMS Ideas
RWS Language Cloud Terminology Ideas
RWS Language Cloud Online Editor Ideas
Managed Translation - Enterprise Ideas
Tridion Docs Ideas
Tridion Sites Ideas
LiveContent S1000D Ideas
Events & Webinars
To RWS Documentation
To RWS Support
Detecting language please wait for.......
As mentioned in the SDL Web Cloud update in July, we have extended the Tridion authorization model with a new setting and concept called privileges (SDL Web Cloud documentation accessed on 2016-09-05). This post gives an overview and reasons for the feature. I'll describe how privileges work and provide some examples in the next posts.
The Tridion authorization model is now based on four concepts:
Scope determines which Publications, the highest-level folders in SDL Tridion, are visible to groups and users in the Content Manager Explorer. Rights allow users the ability to perform certain actions or commands in a given Publication and determine which buttons they can see or use in the ribbon toolbar. And Permissions determine where these right apply in terms of the ability to read, write, delete, and localize items within organizational items (folders or repositories, to be technical).
For more background on authorization, see some of my previous posts:
Privileges are much like Rights in that they allow Users the ability to perform certain actions or commands in the interface (or API). But unlike rights, privileges can only be set on Groups, not Users, and are not scoped to a specific Publication. The initial release of Privileges includes includes:
These system-wide abilities were added to address the needs of the long-overlooked role of "Application Manager."
In implementations, trusted non-technical "power users" would often know which changes need to be made to things like system-wide lists, the BluePrint, or the publishing queue. But they needed to rely on technical system managers in IT to make changes.
Some projects would set developers or such power users as System Administrators to let them change anything. However, this poses risks to security and isn't necessarily a fair reponsibility to place on roles that typically aren't admins. Authorization is indeed about security and access, but it is also a way to help users feel comfortable that they won't "break" the system.
Fellow product manager Onno Ceelen described privileges as the ability to "empower (non-system) application managers to work across the CMS while preventing 'damage' to the system."
In summary, privileges help you to optionally give system-wide settings management to select users, without giving them full administrative access. This helps both our own SDL Cloud operations team as well as partners, implementers, and IT teams that manage the system on behalf of their users. In the next post, I'll describe the privileges added to the latest release of SDL Web Cloud and how they work. We'll wrap up this series with some examples to give you ideas on how you might take advantage of this new feature.