You’ve learned the basics on adding and editing Users, but there are additional important topics that go beyond the most basic tasks an administrator must perform. Read on to learn about these.
The Add User functionality includes a Require Password Reset checkbox at the bottom of the Password form. The default password policy does not even allow administrators to deselect this option. As the administrator, however, you can modify the default password policy so that this box becomes usable.
Navigate to Password Policies in Control Panel → Users.
Click on the Default Password Policy.
Deselect the Change Required switcher in the Password Changes section. Now you can decide whether each user you add must reset his/her password.
See the article on Password Policies for more information on editing the default policy or creating your own.
Adding an Administrative User
If you’re setting up a portal for the first time, you’re likely to be using the default administrator account, the account of one of those famous Liferay Administrators, Test Test or her cousin, Joe Bloggs. Because these are default accounts, hackers know about them, so it’s better to set up your own administrator account. Add a user with your information, then give your user account the same administrative rights as the default administrator’s account:
Click the Roles link in the left navigation pane (in the Edit User page’s General tab). This page of the form shows the Roles to which your account is currently assigned. No roles appear by default (the User role does not appear since it can’t be removed).
Click Select under Regular Roles and assign the Administrator Role to your user account. A dialog box pops up with a list of all the regular (portal-scoped) Roles in the portal. Select the Administrator role from the list (click Choose). The dialog box disappears and the role is added to the list of Roles associated with your account. You are now a portal administrator. Log out and then log back in with your own user account.
In production, you should always delete or disable the default administrator account to secure your portal.
User Profile Pictures
Users have profile pictures. Administrative Users can upload images in the Edit User form, and any User can update her own account information, including image, from her personal site (My account → Account Settings).
If no image is explicitly uploaded for a User’s profile picture, a default User icon is assigned as the User avatar. By default the User’s initials are displayed (First Name then Last Name) over a random color.
If the initials-based approach for generating User profile pictures isn’t suitable for your portal, disable the inclusion of Users’ initials in the default icons:
Navigate to Control Panel → Configuration → System Settings.
In the Platform section, click Users → User Images.
Deselect Use Initials for Default User Portrait.
Now, instead of the default icon, which is a colorful circle containing the user’s initials, the icon is a gray circle containing the approximate shape of a human being.
This is just the default. To override it with your own default image
Create at least one image that is a 100x100 px square. Place it somewhere on the application server’s classpath.
Override the values of these portal properties:
Restart the application server.
To make the above work, you must place the new image on the classpath of the
application server. For example, in Tomcat you could place images in the
tomcat/webapps/ROOT/WEB-INF/classes folder and specify
portal-ext.properties file. Once you restart Tomcat, the new default
images are used in place of the old ones.
Numeric Screen Names
In prior versions, numeric user screen names were disabled out of the box via the default portal property
Other user management systems (LDAP, for example) did not have the same
restriction, which made importing users more difficult. Administrators first had
to set the above property to
true before importing and hope that no screen
names conflicted with site IDs. In Liferay DXP 7.1, this property defaults to
true and there’s no danger of numeric screen names conflicting with site IDs:
This means you’re free to set a user screen name to 24601, or whatever other number you can think of, and imports from systems that allow numeric screen names go more smoothly. That’s everything you need to know to take advantage of this feature. Keep reading to understand what enabled the change.
Because users have personal sites, the URL to user 24601’s personal site is
Meanwhile, a default site URL to cleverly named Test Site is
There’s no conflict here, but two conditions could easily lead to one:
Test Site’s group ID matches the number chosen for the user’s screen name. Each site has a unique numeric identifier in the database, called group ID. There’s nothing stopping it from matching the user’s numeric screen name, so it could easily be
24601just like the hypothetical user above.
A site administrator comes along and changes the site’s friendly URL to match its
groupId. Hello, URL conflict! Now the site’s URL matches the user’s URL:
This conflict is no longer possible. In Liferay DXP 7.1, a site’s friendly URL is not allowed to be numeric. See for yourself:
Navigate to the site’s Configuration → Site Settings → Site URL section.
In the Friendly URL section, enter 24601 and save the form. A failure message appears if you don’t have a user with the matching screen name:
The friendly URL may conflict with another page.
You’ll see this failure message if there’s an existing conflict with a user screen name:
Please enter a unique friendly URL. Site [user-first-name user-last-name] has the same friendly URL.
Next, learn about collecting users in organizations.