User Access to DivePort Content

DiveLine users are assigned one of the following DivePort user types:

• Administrator—Has full access to the DivePort configuration and edit functions.
• User—Can view DivePort content.
• Disabled—Cannot access DivePort.

These user types are managed within the portal.

When DivePort is installed, DiveLine administrators are designated as DivePort Administrators. To change this configuration, adjust the user's access level in the Users and Groups dialog to something other than Use Default.

All other DiveLine users are assigned User access by default. An administrator can override these access settings for individual users, administrators, or groups without impacting other Diver clients. The administrator can also change the default access setting from User to Disabled. For more information, see Managing User Access.

Although DiveLine controls access to data, DivePort can add additional security by controlling access to all page content in a hierarchic fashion. Each environment, page, and portlet instance can be edited to allow No Access, User Access, or Privileged Access as the default for all users and groups. Pages and portlet instances can also be set to Inherit Access from Parent as the default. The four levels of default access are defined as follows:

• Inherit Access from Parent—(Applies to pages and portlet instances only.) The access level that is set at the highest level cascades down based on the hierarchical structure determined by the layout of pages, child pages, and portlet instances on a page. The parent of a portlet instance is the page on which it is located. The parent of a page can be the next higher level page, or in the case of top level pages, the environment.
• No Access—The environment, page, or portlet instance can neither be seen nor modified by an authenticated user. Only portal administrators can see this object.
• User Access—The environment, page, or portlet instance can be seen, but cannot be modified. Anyone can view this object, but only portal administrators can modify it.
• Privileged Access—The environment, page, or portlet instance can be seen and modified. Anyone can view this object, and users given privileged rights can modify it.

When a user logs in to a DivePort environment, DivePort determines what to display as follows:

• Does the user have permission to access the page?
• Does the user have permission to access each portlet on the page?
• If the page inherits its permissions from a parent page, does the user have permission to access the parent page?
• Do the default access settings allow or restrict this user access?
• Do the default access settings allow or restrict the groups to which the user belongs?

The least restrictive access applies.

DiveLine 7.x applies access control rules The collection of rules that restricts or allows user access to data. to projects, and can apply 6.4 ACLs Access control lists to non-project resources that use the 6.4 namespace. For more information about access control rules, see Workbench Help.

There are three levels of editing capabilities in DivePort. The levels result from various combinations of user access type and privileged access permissions for portlets and portlet-containing pages. The higher the level, the greater the user’s ability to make edits and changes within DivePort.

• Portlet Instance Editing—The ability to make edits to a specific portlet instance. This requires administrator or privileged user access to the portlet instance and page.

• Page Editing—The ability to make edits to the page containing the portlet instance. This requires administrator or privileged user access to the page.

• Configuring—The ability to completely configure DivePort, delete parent and child pages, and edit pages and portlet instances. This is available for portal administrators only.