Liferay Portal provides three administration portlets: Enterprise Admin, Organization Admin, and Location Admin. The three portlets provide different scopes of administration.

As illustrated by the diagram, the Enterprise Admin Portlet has the highest level of administrative functions. It has access to all organizations, locations, and users. The Organization Admin Portlet can access its own information and information for any locations and users that belong to it. The Location Admin Portlet can access its own information and any users that belong to it. This chapter will only address user administration functions contained within the various administration portlets. See the Security and Permissions chapter for instructions on assigning permissions to existing portlets for individual organizations, locations, and users.

A user is an individual who performs tasks using the portal.

Organizations and locations represent a corporate hierarchy. An organization represents a parent corporation. An example would be Liferay USA. A location represents a child corporation of an organization, often times distinguished by its geographic location. Organizations can have any number of locations. Example locations of the Liferay USA organization might be Liferay Chicago, Liferay San Francisco, and Liferay Los Angeles. A user can only belong to a single organization and location.

A user group is a grouping of users. Unlike organizations and locations, user groups have no context associated with them. They are purely a convenience grouping that aids administrators in assigning permissions and roles to a group of users instead of individual users or assigning a group of users to a community. A user can belong to any number of user groups. Both roles and individual permissions can be assigned to user groups, and every user that belongs to that user group will receive the role or permission.