Content authority group (CAG) permissions are specified for each member of a CAG in the definition of each CAG. Document System security permissions are defined in the Access Settings section in the definition of most CM definition objects.
Both types of permissions affect your ability to view and define CM definition objects. The interaction between these two different sets of permissions enables some sophisticated structuring of security access and content authoring workflow.
■ Document System Read permissions for CM definition objects such as a content record or a navigation item determine not only which iMIS users can view the properties of that definition object within Content Management, but also determine who can see the rendered version of that object on a website.
For example, if a content record is assigned to the system role Everyone with Read permissions, then even anonymous visitors to a CM website will be able to view that content record's rendered web page. However, if only a specific security group such as "Board Members" is given Read permissions for that content record, then only members of that security group who have logged on to the CM website will be able to view that content record's rendered page. (If they do not log on to the website with their iMIS logon name, they are treated as anonymous users and unable to view the rendered page.)
■ Document System Edit permissions are required to edit the properties of CM definition objects, and Delete permissions are required to delete CM definition objects. However, these permissions are not sufficient by themselves. You must also have the corresponding CAG permissions. For example:
□ If you have Document System Read and Edit permissions on a content record but you do not also have the CAG Content Editor permission, then when you attempt to view the properties of that content record, you will see only a rendered preview of that content record. You might want a mixture of permissions like this, plus the CAG Content Approver permission, for the staff in your content authoring workflow who you want to give the ability to approve or reject content, but not the ability to create or revise content.
□ If you have Document System Read, Edit, and Delete permissions on a content record and you have the CAG Content Editor permission, then you will be able to view and edit the properties of that content record, but you will not be able to delete that content record. If you also have the CAG Content Approver permission, then you will also be able to delete that content record.