[opencms-dev] Question Permission assignment
Alex Kandzior
alex at opencms.org
Mon Aug 22 17:02:32 CEST 2016
Thomas,
You wrote that you have set the permissions on the pages folder.
Did you also remove the permissions on the elements that have been placed on the pages?
Keep in mind the page consists of the container page file (usually an index.html) and a number of individual elements usually located in the .contents folder of a website.
To not see the edit points you must also remove the permissions on the elements that have been placed on the page.
Or you can restrict the users that are allowed to access an element using the <cms:container editable=xxx> tag in your template.
BTW the suggested way of restricting parts of the site is creating these as subsites. In this case its easier to set the permissions because the .content folder would be part of the subsite.
Kind regards,
Alex.
-------------------
Alexander Kandzior
Alkacon Software GmbH - The OpenCms Experts
http://www.alkacon.com - http://www.opencms.org
> Am 22.08.2016 um 15:49 schrieb Thomas Schmidt <t.schmidt at md-network.de>:
>
>
> Hello,
> i have a relative simple OpenCMS (10.0.1) setup with a singe Website and just a few users (some Admins=all permissions, some users = just editing (a few) pages), which are grouped in „Users“ and „Administrators“. I have only the root ("/„) OU.
>
> Now I have a few special pages (which are in folders) which I want to protect against changes by the „Users“ (but „Users“ should be able to read).
> Therefore I used the explorer and and changed permissions of a folder which should have this kind of protection.
> I removed for „All others“ all rights (should not be visible for all others) means i set it to „-r-w-v-c-d“, to the „Users“ group I gave "+r-w+v-c-d“, means read and view is enabled all other (especially write) is denied and for „Administrators“ i gave all rights. For all settings i set „Overwrite Inherited“ and „Inherit on subfolders“ so all pages in the folder should be protected.
>
> BUT: a normal user is still able to edit the page (I have still the Edit Points, i can still save the page) - even if i apparently prevented the „Users“ groups to be able to write. However i denied direct publishing which works.
>
> I tried that as well for single user (prevented write and publishing) - here as well - it is still possible to save - but not to publish - even if write is forbidden.
> I tried this as well with 9.5.2 - and same behavior.
>
> Only rights which are apparently working are „direct publishing“ and „read“ - if i prevent those the user/group cant open the page or cant publish it. Write always works as long read is enabled.
>
> So if i want to protect some files/pages/folders from being written by a special user or group - how to do that ? is this behavior expected ? do i do something wrong (most likely ?!) ?
>
>
> Many thanks
> Kind Regards
> Thomas Schmidt
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev
>
>
>
More information about the opencms-dev
mailing list