Best Practices for Managing Users in an LCS Project

This article documents best practices for managing users in a Liferay Connected Services (LCS) project. You will learn how to add users, modify user roles and assign permissions to project members.

The first users to get access to a company's LCS Project will be assigned the LCS Admin role. They can then follow the steps in this article to customize roles and permissions to meet the needs of their own project and team structure.

Resolution

LCS Role Guidelines

We recommend that you follow these guidelines for each role when assigning roles within an LCS Project:

LCS Admin 

  • LCS Admins should be highly trusted system administrators who have a solid understanding of all LCS features and their capabilities. They should also have a very good understanding of all the Liferay DXP instances and their individual functions. We recommend having at least two Admins in order to ensure continuous access in the case when one Admin is unavailable.
  • Users with the LCS Admin role have permissions to create, edit and delete project members, environments and servers in the entire project.
  • Avoid assigning this role to generic users tied to distribution email lists or email groups, since it removes accountability and creates security risks.

To use the specific environment roles listed below, LCS Admins have to first create at least one environment. If there are no existing environments in the project, the only available option will be the LCS Admin role.

LCS Environment Manager 

  • LCS Environment Managers should be trusted system administrators who understand all environment management features of LCS. They should also have a very good understanding of all the Liferay DXP instances in their environments.
  • Users with LCS Environment Manager role have permissions to create, edit and delete servers within a specific environment, as well as install fix packs on existing servers.
  • Avoid assigning this role to generic users tied to distribution email lists or email groups, since it removes accountability and creates security risks.

LCS Environment Viewer 

  • LCS Environment Viewers should be team members who need on-demand information on the server statuses of specific Liferay DXP environments.
  • Users with LCS Environment Viewer role have permissions to view all servers in a specific environment. LCS Environment Viewers cannot register new servers or install fix packs in their environment.

How to Manage Users in an LCS Project (quick summary) 

To add new users to your project, please create a support ticket with the Liferay Connected Services > User Management/Permissions component. LCS Admins can modify the roles and permissions of users that are already project members by following these steps:

  1. Go to lcs.liferay.com
  2. Navigate to the Users page, using the left-hand menu options
  3. Use the Manage Roles link next to each user to change an existing user's role or to remove a user from the project
  4. When permissions between two roles overlap, you must first revoke a user's existing role before assigning the new role. 

lcs-user-roles.png

Warning: Changing a user's permissions can invalidate token files created by that user. Please read  the following article for more details: Known Issue: Liferay Instance Disconnects from LCS When LCS User Credentials Become Invalid.

Additional Information

Liferay Official Documentation: Using LCS

Was this article helpful?
0 out of 0 found this helpful