Table of Contents
Nuxeo EP is organized in domains, that contain workspaces, templates and sections. The documents are created and distributed in these workspaces and sections. The actions available to users in workspaces and sections are determined by access rights.
A domain is a thematic space created by the site administrator at the site root. Domains contain workspaces, templates and sections. They enable you to make your site organization more accurate and precise.
When you log in to the site, you are directed to a page where the list of the available domains is displayed.
Only the site administrators can create new domains. Members of the application are automatically granted reading rights in the new domain.
When the site administrator creates a domain, three root spaces are automatically created inside it:
Workspaces,
Sections,
Templates.
You must create your workspaces and sections in these root spaces.
Workspaces are dedicated to content creation and modification. A workspace's content is meant to be shared and modified through users participation. Once the documents are ready for distribution, they must be published in a section.
You must create workspaces in the root space called Workspaces. You can add as many sub-workspaces as you wish and organize them the way you want.
Sections are the areas where you place the documents created in a workspace when they are ready for distribution to the public or a wider audience. Documents published in sections can only be read. You cannot create or edit documents in sections.
You must create sections in the root space called Sections. You can add as many sub-sections as you wish and organize them the way you want. The structures of Workspaces and Sections are independent and thus can be completely different.
Templates are spaces that can be used as a pattern to create other spaces. They are only available for workspaces. You can manage the access rights of a template or create content in it, like in a regular workspace. When you use the template to create a new workspace, the new workspace gets the access rights and structure defined in the template.
Access rights are permissions granted to users in the different spaces of the application. These access rights determine the actions available to users.
To make rights management easier, Nuxeo EP allow groups of users. You can thus give an ensemble of users the same access rights in a single manipulation.
Access rights can be defined for a whole domain, but also just for a workspace or a section. The rights granted or denied in a space are applied to all its content, including the sub-spaces. This is called rights inheritance. Rights inheritance spares you the declaration of access rights in every single space of the application.
There are five different types of access rights:
restricted reading rights
reading rights,
writing rights,
removing rights,
management rights.
A user who is granted restricted reading rights can read the documents. He can also read the content's metadata and history.
A user who is granted reading rights can read the documents created in the space. He can also read the content's meta-data and history and add comments on the document.
By default, all users have reading rights on the application's content.
Writing rights enable users to consult, create and modify content in the space, but they cannot modify the space itself. For instance, a user with writing rights can add relations on a document, or start a workflow.
Removing rights enable users to delete content in a space, either documents or sub-spaces.
Users with management rights can consult, create and modify content, but they also modify the space and manage its access rights.
