Restricting A User To a Certain Document Library
Hello all,
I am currently using the latest 4.0 RC (Sitefinity_4.0.992.0) and attempting to setup various Document libraries, with different sets of users (roles) only able to access/view/upload/edit in their respective libraries.
For example, let's say User A maintains Section A of a website and only needs access to upload to that document library, while User B maintains Section B...
What is the smoothest way of achieving this functionality? In SF 3.7 our organization utilized providers, but it was a bit complicated. I am curious, is there an easier method in 4.0?
I tried simply creating different roles and giving only that role access to a library, however, my test user can only see the Dashboard upon logging in (even though that role has access to pages and documents, etc...).
Any tips are greatly appreciated! Thanks!
Hello Brad,
If this user belongs to Editors role he/she should be able to access Dashboard, Pages, Content. Please make sure that your user does not belong to anther roles where you have denied the access to Pages and Content.
All the best,
Ivan Dimitrov
the Telerik team
Hi Ivan,
If the user belongs to the Editor role they can then view / access *all* of the document libraries, instead of just the libraries that have permissions set to a custom role / group.
I suppose to achieve this restriction of document libraries / pages I will need to implement the providers solution. I've tried using the Developer Network Search feature but am not sure how to word this. Do you know of a document / tutorial that explains the process of setting up providers so different roles can be setup to only have access to certain libraries / pages?
Thanks!
Hi Brad,
Have you granted this user/role to see the backned pages from Sitefinity >> Administration >> BackendPages >> Pages.
Greetings,
Ivan Dimitrov
the Telerik team
Hi Ivan,
Thank you, that solved the issue of the user/role not being able to see the Pages / Content tabs from the dashboard. However, once I grant them access to see the Content / Documents & Files section, they then have access to all Libraries, even though certain libraries have permissions of only letting Admins and certain other roles have access.
I will continue to look through all of the permission settings, but I just wanted to make sure I wasn't missing something else that was obvious.
Thanks!
Brad
Hello Brad,
Ok, Most probably you have not broken the inheritance. By default the image inherits permission from its parent which is the Library. You can check the libraries permissions from
http://host/Sitefinity/Content/Documents/Libraries - >> Actions >> Set Permissions..
if the problem persists, please send screenshots of the permission settings for Libraries, the Image and screenshot of the roles under which your user belongs to.
Greetings,
Ivan Dimitrov
the Telerik team
Hi Ivan,
After breaking the inheritance I am one step closer. Now the user cannot see any of the files in the library (which is good), however, they can still see the Library itself even though it appears empty to them. Ideally, I would like the folder to not display at all if a user does not have the proper permissions.
I have attached screenshots of the role that should not have access to the "Agriculture" folder, and also of the Library permissions for said folder.
Thanks,
Brad
Hello Brad,
We verified that this is indeed a problem with applying permissions for a single library. Namely, even though a user has been explicitly denied the "View this library" action, he can still see it. It has been logged (ID 105504) and will be fixed for our next release.
All the best,I downloaded Service Pack 1 for SF4, and this issue still exists. A user who has been explicitly denied the "View this library" no longer sees the library in the list of Libraries, but when they view the main "Documents & Files" page, a list of the most recent files are displayed, and items from the denied Library are shown. Next to these items is even a link to the explicitly denied Library, where a user can then view all of the items in a Library they should not be able to view.
Is there anyway to have PDFs (or any document) available to everyone on the frontend (so that they may be downloaded by the public) but have certain backend users be restricted to only see certain libraries while in the backend?
The goal is to have different groups of users maintain different portions of the website, and restrict access to maintain libraries accordingly.
Hello Brad,
Thanks for your feedback.
I have inspected this again, and unfortunately this problem still exists as it may be more complex than we initially assessed. At the moment there is still a problem with filtering secured objects which are explicitly denied from certain users or roles. However specific actions should be enforced by permissions (e.g. if the user is not allowed, or explicitly denied, to edit a news page, an attempt to edit the page should result in a "you are not authorized to perform this action" message).
We'll apply a fix for filtering objects by explicitly denying them in the Q2 Service Pack 1 release. Sorry for the inconvenience.
All the best,
Alon Rotem
the Telerik team
@Telerik
Does this problem reported in Dec 2010 still exist?
Markus
Hi Markus,
Filtering media items on a granular level permission set should be working as intended now with the latest release of Sitefinity.
Greetings,I am using Sitefinity 6.3 and I still see this same issue.
Has there been any update on this? I am using 7.2 and it still have the same issue described. I can see all the libraries even though access has not been granted to user.
Hi Hector,
I have tested it in Sitefinity 7.3 and 8.0 at least and permissions for Document Libraries as expected.
Regards,
Junior Dominguez
Telerik
I am using version 9 of sitefinity.
I have 2 libraries: 1. Enterprise-only and 2. EveryoneCanSee
I have 2 roles and 2 users, each with 1 role. Refer image attached.
Both these libraries are added to a page (image at end of doc). No matter which user logs, they both see both the libraries as well as documents from both libraries.
EDIT:
In order to permissions to work on document library, it is not sufficient, though necessary to set the permissions on the library (root : as per documentation), it is also needed to setup a flag in the security settings in back-end > [Top menu] Administration > "Advanced" link > security left menu
Check on the check-box for: Enable filtering queries by view permissions
This will in turn modify config file "securityConfig.config". So you need to rebuild solution (just compile didn't help).