Please login or register to participate.
holydiver Aug 25, 2010 12:28 AM
I've already set up my Active Directory integration, now I need to know how I control access to various spaces using active directory groups? Suppose I want to do the following:
Set up a "space" called HR
Allow users from the HR group on my Active Directory domain to add/edit/remove all content types to manage sub-spaces within this space
All other users (those in the "staff" group in AD) can view and comment on these items, but they cannot edit the content.

Any ideas?
Let me know thanks!

Replies (1)
romasha Aug 25, 2010 10:01 AM
Hello Aaron,

The Active Directory integration helps you map your AD groups to

To assign permissions to the groups at a Space level, you have to go to the Sharing tab of the space, search for the group and assign it the "can add" role. The staff group can have the "can view" role. The group with the viewer role will be able to comment and view the contents while the HR group can create and collaborate content. {The "can edit" role, makes the users administrators of the Space}.

For content created in a Space (apart from Home Space), the default workflow applied is a two step collaboration workflow. This means, that all content created is available only to the collaborators (groups/users with add role) of the space. To make it available to the viewers, the content has to be workflowed to "Published to Viewers" state.

While applying permissions on Spaces, remember to disable inheritance.

Let me know how it goes.