Necessary and Recommended Privileges for the Administration Cabinet and Other Administrative Objects

An administrator must grant certain permissions on the Administration Cabinet and on Event Queues. An administrator may choose to hide other Administrative Objects.

All users must have the “View Container Contents” privilege for every item in the Administration cabinet. Several operations (for example, logging in, adding annotations to elements, deleting items from folders and cabinets, and so on) rely on the user’s ability to “see” into the contents of one or more folders in the Administration cabinet. View Container Contents is the name of that privilege.

You can set View Container Contents privileges at a high level by invoking Administration > Security > Backstop Access Controls and ensuring that View Container Contents is in the Present column and that the All Users group is in the Present column when this privilege is selected.

CAUTION:
If folders within the Administration cabinet have inheritance turned off for View Container Contents and/or Change Custom Attribute Value, those capabilities should be removed from those folders. If you wish to restrict View access to other objects in the Administration cabinet, contact Astoria Support for recommendations.

Background operations (for example, composition, reporting, translation, workflow, and so on) rely on the user’s ability to “see” the contents of various Astoria Queues. “View Event Queue Contents” is the name of that privilege.

You can set these privileges globally by invoking Administration > Security > Global Access Controls and ensuring that View Event Queue Contents is in the Present column and that the All Users group is in the Present column when this privilege is selected.

Furthermore, you may wish to prevent most users from seeing a list of these items:

To accomplish this, invoke Administration > Presentation > Administrative Object Visibility. Use this command to assign these objects to a role that most users do not inhabit.

Note: Even if you hide Custom Attributes Definitions and Role Definitions administrative objects, you should allow all users full privileges on these two administrative objects. Full privileges on Trigger Definitions are needed only if you intend to use Astoria’s Provider/Dependent Notification feature, or if you have created your own triggers and associated custom software.