Authorization Policies and Permissions

Authorization policies determine the actions that users can perform with the mashables, mashups and apps that MashZone NextGen governs. Policies also determine user access to the features and tools in the MashZone NextGen Hub and the MashZone NextGen Enterprise AppDepot.

By default, authorization is enabled in MashZone NextGen. All actions are forbidden unless explicitly granted in a policy.

Note:

You can choose to disable authorization during an initial development phase to simplify access to register and create mashables, mashups and apps. See Enable or Disable Authorization for instructions.

The categories of authorization policies that are defined in MashZone NextGen are shown below.

Access/Create Permissions: are defined using MashZone NextGen built-in user groups as the principals. See the Built-In MashZone NextGen User Groups and Permissions topic for detailed information these policies.

To grant access to MashZone NextGen tools and enable users to create artifacts in MashZone NextGen Hub, you add users to these built-in groups. See Grant User Access to MashZone NextGen with Built-in Groups for instructions.

Owner/Admin Permissions: users automatically obtain owner permissions when they create artifacts. Administrator permissions are defined when you assign users to the MashZone NextGen_Administrator built-in group (see Access/Create policies).

Owners have full permissions to all actions for the artifacts they create, except the feature/unfeature action. Administrators have owner permissions for all artifacts as well as for the feature/unfeature action.

Run Permissions: owners and MashZone NextGen administrators grant run permissions to other users to allow them to use that artifact. See Grant Permission to Run Mashables, Mashups and Apps for instructions. Automatically Grant Run Permissions to Users and Groups. For mashups and apps, users must also have run permissions for the other mashable information sources, mashups or apps that are used by that mashup or app.

You can also grant guest access to use artifacts. Guest access grants permission for anyone to run that artifact, even users who are not logged in. See Authentication and Guest Access for instructions.

Users also get several other related permissions when you grant run permissions. See the Built-In MashZone NextGen User Groups and Permissions topic for more information on the additional permissions granted with run.

View Permissions: authenticated users can see artifacts in MashZone NextGen Hub and the AppDepot even for artifacts for which they do not have run permissions. They can open the artifact and request permissions, but they cannot run or preview the artifact.

You can also restrict view permissions. See Set View Permissions with a Search Filter for information.