CQ Security Model is divided in to two parts Authentication and Authorization. Following section covers overview of these two concept.

Authentication:

Authentication process in CQ involve authenticating users against CQ. Process of authentication in CQ works as follows,

• Authentication request is initiated in CQ through some login form
• Login Module registered in CQ extract user credentials from request
• Credentials are checked and proper response is generated.
• OOTB CQ comes with built in authentication module including LDAP and SSO
• A custom authentication module can be created based on project need

Authorization:

Authorization determines if user is allowed to access particular section of repository based on permission assigned. Authorization takes effect after authentication is successful.

Within CQ Authorization is managed using following entities,

User:

User access system using there account. User can be human user or system user. A user holds detail to login in to CQ

Group:

A Group can be collection of users. They are used to manage fine grain permission based on roles.

Action:

Action is action performed on resource. It can be read, write, delete or any custom action.

Permission:

Permission allows users or group to perform action on resource. In CQ permission is stored at resource level.

Privilege:

Privilege allows access to a functionality within system. for example replication of specific path.