Skip to Content

LSA Web Services Permissions Policy

LSA Web Services offers a secure, comprehensive content management platform for units in the College of LSA and partnering units. In order to keep this platform secure for our users, LSA Web Services has developed a permission policy to govern the authoring interface of AEM, the use of the LSA Gateway, and the use of the LSA Unit Portals.

Access to Author/ Edit in AEM

LSA Web Services creates and maintains all authoring groups for the AEM in MCommunity. In order to gain access to AEM, LSA Employee will need to be added into the appropriate authoring group(s) in MCommunity. LSA Staff will be added to said authoring group(s) once they have completed the AEM Training Class provided by LSA Web Services.

The same authoring group will be used for authoring access to unit portal(s). For author access to the unit portal(s), LSA Employee will need to take the additional AEM Unit Portal Training course after the completion of the AEM Training Class.

If an LSA Employee has been selected to author the LSA Gateway, s/he must complete the AEM Training for the LSA Gateway prior to access to AEM.

Maintaining Authoring Groups

It is the responsibility of the unit to inform LSA Web Services when a unit staff member no longer needs access to AEM. Submit a ticket to Web Services (lsa.web.support@umich.edu) when a staff member with AEM access leaves the department. LSA Web Services will also reach out twice a year to a main point of contact for each unit to also ensure that the authoring groups are accurate and secure.

Access to the LSA Gateway

The LSA Gateway is open to all LSA Employees once they have received the HR designation of "College of LSA" in Peoplesoft HR data warehouse. Once the designation has been assigned, LSA Employees can access the LSA Gateway with their uniqname and Kerberos password.

LSA Web Services also manages the "LSA Gateway Guest" permission group. When LSA unit(s) sponsor non-LSA employees that will need access to the LSA Gateway, the unit(s) must submit a request for access to LSA Web Services (lsa.web.support@umich.edu) with the employee’s uniqname, host unit, reason for the request, and length of access (one term, two terms, etc). LSA Web Services will consult with Senior Manager for LSA Units regarding guest approval.

Access to the LSA Unit Portal

Security for both AEM and the Unit Portal(s) is a top priority for LSA Web Services. In order to ensure that LSA Web Services can diagnose and troubleshoot any access issues or security audit, LSA Web Services must be fully aware of who has access to Unit Portal(s).

To ensure this security, LSA Web Services will create a new MCommunity group for each unit portal. This LSA Web Services-Owned MCommunity group will house all appropriate Unit-Owned MCommunity Groups that meet the following criteria:

  1. The Unit-Owned MCommunity group is not set to “Member list viewable by members only” in MCommunity.
    • If the Unit-Owned MCommunity group must be set to “Member list viewable by members only”, then LSA Web Services (lsa-aem-mcommunity-admins) must be added as owners of said Unit-Owned MCommunity Group.
  2. The Unit-Owned MCommunity group does not contain private sub-groups
  3. The Unit-Owned MCommunity group’s sub-groups must be owned by the department