Access settings in Access Management

I'm evaluating Tridion Docs 15.1.2 and have a question regarding Access Management.

I'd like to know the purpose of access settings in Access Management. When a new user account is registered with any identity provider, the checkboxes for all access settings become unchecked. Even so, the newly added user can use Publication Manager and Organize Space. How do the access settings affect the Tridion Docs operation?

Access Management interface showing user details, access settings, and roles for Tridion Docs applications. All checkboxes under Applications and Services are unchecked.



Generated Image Alt-Text
[edited by: RWS Community AI at 7:30 AM (GMT 1) on 26 Jun 2025]
emoji
Parents
  • Hi Naoki,

    The user will inherit first the settings of the Identity provider he/she is using to log on to Tridion Docs
    So in the Identity Providers section the checkboxes will be enabled/disabled based upon the associated configuration.

    You can further enable additional components based upon the user itself if needed for a user.

    So in your situation described above you should check which checkboxes are selected for the identity providers section (and the roles/claims which are setup).
    I'm assuming that this will include OrganizeSpace and Publication Manager.

    Kind Regards,

    Raf 

    emoji
  • Hi Raf-san,

    The access settings for the Tridion Docs identity provider are configured as shown in the diagram below.

    Access settings screen showing claims with type set to 'role' and value set to 'Administrator'. Applications and services have checkboxes, some checked, including 'Tridion Docs Content Manager'.

    Therefore, I thought that a new user who identifies with the Tridion Docs identity provider will inherit the above access settings. But as I showed in the previous screenshot, no checkboxes are checked for the new user. Why does this happen?

    Regards,
    Naoki

    emoji


    Generated Image Alt-Text
    [edited by: RWS Community AI at 1:09 AM (GMT 1) on 1 Jul 2025]
  • Hi Naoki,

    Your assumption is correct, althought not visible in the UI.
    As shown on your screenshot above the selected 'applications' and 'services and roles' are available for the user through the global definition.
    If the user has in his/her claim the role 'Administrator' enabled the selection for that definition would be available.

    On the user level you can additionally enable 'Applications' and/or 'Services and roles'. This would show by the selected checkboxes for the user (on the user specific screen). However the items enabled through the identity provider are not represented on the user screen.
    So the user screen only shows the changes/exceptions introduced specifically for that user and not the fully available set of options.

    So although the checkboxes are all deselected on the user screen, the selection of the identity provider screen is what is available and enabled.

    Kind Regards,

    Raf

    emoji
Reply
  • Hi Naoki,

    Your assumption is correct, althought not visible in the UI.
    As shown on your screenshot above the selected 'applications' and 'services and roles' are available for the user through the global definition.
    If the user has in his/her claim the role 'Administrator' enabled the selection for that definition would be available.

    On the user level you can additionally enable 'Applications' and/or 'Services and roles'. This would show by the selected checkboxes for the user (on the user specific screen). However the items enabled through the identity provider are not represented on the user screen.
    So the user screen only shows the changes/exceptions introduced specifically for that user and not the fully available set of options.

    So although the checkboxes are all deselected on the user screen, the selection of the identity provider screen is what is available and enabled.

    Kind Regards,

    Raf

    emoji
Children
No Data