Security and permissions
Liferay implements a fine-grained permissions system, used to implement access security in custom plugins. The portal extends the security model by the following terminologies: resources, users, organizations, locations, user groups, communities, roles, permissions, and so on. That is, this is a role-based, fine-grained permission security model.
In order to add permissions in the custom portlets, generally, you would carry out the following four steps:
1. Defining all resources and their permissions—defining resources and permissions.
2. Registering all the resources in the permission system—registering resources.
3. Associating the permissions with resources—assigning permission.
4. Checking the permissions before returning the resources—checking permission.
Adding resources
First of all, define your resources and permissions in the custom plugin, for example, knowledge-base-portlet. You can create a folder named resource-actions in the folder $PLUGINS_SDK_HOME...
