Exam Area: Area 1 – Product Knowledge (15%)
Reference: https://docs.developers.optimizely.com/content-management-system/docs/access-rights
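/// <summary>
/// Access-right bits that can be granted to a role or user on a content item.
/// Members are combined with bitwise OR, so the type is marked as a flags enum;
/// this also makes combined values print as names ("Read, Edit") in logs and audits.
/// </summary>
/// <remarks>
/// NOTE(review): the numeric values are reproduced from this page. Confirm them against
/// EPiServer.Security.AccessLevel in the installed package, and compare against the named
/// members rather than integer literals so a differing value cannot silently widen a grant.
/// </remarks>
[System.Flags]
public enum AccessLevel
{
    /// <summary>No bits set: nothing is granted.</summary>
    NoAccess = 0,
    Read = 1,
    Create = 2,
    Edit = 4,
    Delete = 8,
    Publish = 16,
    Administer = 256,

    /// <summary>Union of every individual right declared above.</summary>
    FullAccess = Read | Create | Edit | Delete | Publish | Administer
}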
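| Role | Permissions |
|---|---|
| Everyone | Anonymous users (the role also includes every logged-in visitor, so rights granted to it are effectively public) |
| Authenticated | Logged-in users |
| WebAdmins | Full CMS access |
| WebEditors | Edit content |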
// Check access rights
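/// <summary>
/// Wrapper around <see cref="IContentSecurityRepository"/> that checks the current
/// principal's rights on a content item and adds entries to its access control list.
/// </summary>
public class SecurityService
{
    private readonly IContentSecurityRepository _securityRepository;

    /// <summary>Creates the service.</summary>
    /// <param name="securityRepository">Repository used to load and save security descriptors.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="securityRepository"/> is null.</exception>
    public SecurityService(IContentSecurityRepository securityRepository)
    {
        if (securityRepository == null)
        {
            throw new System.ArgumentNullException(nameof(securityRepository));
        }

        _securityRepository = securityRepository;
    }

    /// <summary>
    /// Tells whether the current principal holds <paramref name="level"/> on the content item.
    /// </summary>
    /// <param name="link">Reference to the content item whose ACL is evaluated.</param>
    /// <param name="level">Access level that must be granted.</param>
    /// <returns>
    /// The descriptor's answer for <c>PrincipalInfo.CurrentPrincipal</c>; <c>false</c> when the
    /// repository returns no descriptor, so a missing ACL is never treated as a grant.
    /// </returns>
    /// <exception cref="System.ArgumentNullException"><paramref name="link"/> is null.</exception>
    /// <remarks>
    /// The check uses the ambient principal, not a caller-supplied one.
    /// NOTE(review): in code that runs outside a request (scheduled jobs, background work) confirm
    /// that the ambient principal is the identity the decision is meant for.
    /// </remarks>
    public bool HasAccess(ContentReference link, AccessLevel level)
    {
        if (object.ReferenceEquals(link, null))
        {
            throw new System.ArgumentNullException(nameof(link));
        }

        var descriptor = _securityRepository.Get(link);
        if (descriptor == null)
        {
            // Fail closed: no descriptor means no evidence of a grant.
            return false;
        }

        return descriptor.HasAccess(
            PrincipalInfo.CurrentPrincipal,
            level);
    }

    // Set ACL
    /// <summary>
    /// Adds an access control entry for <paramref name="roleName"/> to the content item's ACL
    /// and saves it.
    /// </summary>
    /// <param name="link">Reference to the content item whose ACL is changed.</param>
    /// <param name="roleName">Role that receives the entry.</param>
    /// <param name="level">Access level granted by the entry.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="link"/> is null.</exception>
    /// <exception cref="System.ArgumentException"><paramref name="roleName"/> is null or blank.</exception>
    /// <exception cref="System.InvalidOperationException">
    /// No descriptor exists for the item, or its writable clone is not an
    /// <see cref="IContentSecurityDescriptor"/>.
    /// </exception>
    /// <remarks>
    /// This method performs no authorization check of its own: whoever can call it can change
    /// the ACL. Callers are responsible for verifying that the acting user may administer the
    /// item before invoking it, and ACL changes are worth recording in an audit log.
    /// NOTE(review): the save type and Save overload are kept as written on this page; confirm
    /// both against the installed CMS version, since the save type decides how inherited and
    /// child permissions are affected.
    /// </remarks>
    public void SetAccess(ContentReference link, string roleName, AccessLevel level)
    {
        if (object.ReferenceEquals(link, null))
        {
            throw new System.ArgumentNullException(nameof(link));
        }

        if (string.IsNullOrWhiteSpace(roleName))
        {
            throw new System.ArgumentException("A role name is required.", nameof(roleName));
        }

        var current = _securityRepository.Get(link);
        if (current == null)
        {
            throw new System.InvalidOperationException("No security descriptor was returned for the content item.");
        }

        // The 'as' cast yields null on a type mismatch; check it instead of dereferencing blindly.
        var descriptor = current.CreateWritableClone() as IContentSecurityDescriptor;
        if (descriptor == null)
        {
            throw new System.InvalidOperationException("The writable clone is not an IContentSecurityDescriptor.");
        }

        descriptor.AddEntry(new AccessControlEntry(roleName, level));
        _securityRepository.Save(descriptor, SecuritySaveType.ReplaceInherited);
    }
}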
// Language access rights - an additional security layer for multilingual content
// Admin → Languages → Edit → Manage Access Rights
// Restrict editors to specific languages:
// - Swedish editors can edit Swedish content
// - English editors can edit English content
// VirtualRole - role evaluated dynamically
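/// <summary>
/// Virtual role whose membership is computed per request instead of being stored:
/// a principal is a member when it is not authenticated.
/// </summary>
/// <remarks>
/// Any access right assigned to this role is held by every unauthenticated visitor, so it
/// should only ever carry rights that are acceptable for anonymous traffic.
/// NOTE(review): despite the name, the test below is "not logged in", not "first visit";
/// confirm that this matches the intended audience before assigning rights to the role.
/// </remarks>
[ServiceConfiguration(typeof(IVirtualRoleProvider))]
public class NewVisitorRole : VirtualRoleProviderBase
{
    /// <summary>Name under which the role appears when access rights are assigned.</summary>
    public override string RoleName => "NewVisitor";

    /// <summary>Decides whether <paramref name="principal"/> belongs to this role.</summary>
    /// <param name="principal">Principal being evaluated.</param>
    /// <param name="context">Caller-supplied context; not used by this role.</param>
    /// <returns>
    /// <c>true</c> when the principal carries an identity that is not authenticated;
    /// <c>false</c> when it is authenticated or when no principal or identity is available.
    /// </returns>
    public override bool IsInVirtualRole(
        IPrincipal principal,
        object context)
    {
        // Membership can grant rights, so missing identity data must not produce a match.
        if (principal == null || principal.Identity == null)
        {
            return false;
        }

        // Custom logic: user is not logged in
        return !principal.Identity.IsAuthenticated;
    }
}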
Start Page (Allow: WebEditors - Read, Edit)
├── About (Inherits from Start Page)
│   └── WebEditors have Read+Edit
├── Private (Set: WebAdmins only - Overrides inheritance)
│   └── Only WebAdmins have access
└── Blog (Inherits from Start Page)
    └── WebEditors have Read+Edit
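- What does AccessLevel.Publish mean? (Permission to publish content)
- What is IContentSecurityRepository used for? (Get/Set ACL for content items)
- Who belongs to the Everyone role? (Anonymous users – users who are not logged in; logged-in users are members as well, so a right granted to Everyone is granted to all visitors)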