Roles

Roles determine the level of access that users and user groups have to resources. Read about the specific permissions that are associated with the different role types.

Roles can be assigned in the following three ways:

Explicitly assigned by someone with authorization. Use the User and Group Permissions portlet or the Resource Permissions portlet to assign roles explicitly. Explicit role assignments override role blocks.
Implicitly assigned through membership in a user group. Use the Manage Users and Groups portlet to assign group membership.
Inherited through a role assignment on a parent resource. Use the Resource Permissions portlet to administer role blocks that affect inherited role assignments. You can also use the User and Group Permissions portlet to administer the role assignments that a user or group has on a parent resource.

Users and groups can have multiple roles on the same resource. For example, the user Hans Mueller might have both the Editor and Manager roles on a particular page. One of these roles might be inherited via the resource hierarchy and the other might be explicitly assigned by a portal administrator.

The following table summarizes roles and how they affect user interaction with resources:

Role	Permissions
Administrator	Unrestricted access on resources including creating, configuring, and deleting resources. Administrators can also change the access control configuration.
Security Administrator	Creating and deleting role assignments for roles tied to specific resources.
Delegator	No actual access to resource, but can create and delete role assignments. Delegator roles can assign specific users or user groups to roles.
Manager	Creating new resources as well as configuring and deleting existing resources that are used by multiple users.
Editor	Creating new resources and configuring existing resources that are used by multiple users.
Privileged user	Viewing portal content, personalizing portlets and pages, and creating new private pages.
User	Viewing portal content. For example, viewing a specific page or user profile.
No role assigned	Cannot interact with resource.