Restricting A User To a Certain Document Library

Posted by Community Admin on 03-Aug-2018 01:29

Restricting A User To a Certain Document Library

All Replies

Posted by Community Admin on 22-Dec-2010 00:00

Hello all,

I am currently using the latest 4.0 RC (Sitefinity_4.0.992.0) and attempting to setup various Document libraries, with different sets of users (roles) only able to access/view/upload/edit in their respective libraries. 

For example, let's say User A maintains Section A of a website and only needs access to upload to that document library, while User B maintains Section B...

What is the smoothest way of achieving this functionality?  In SF 3.7 our organization utilized providers, but it was a bit complicated.  I am curious, is there an easier method in 4.0?

I tried simply creating different roles and giving only that role access to a library, however, my test user can only see the Dashboard upon logging in (even though that role has access to pages and documents, etc...).

Any tips are greatly appreciated!  Thanks!

Posted by Community Admin on 28-Dec-2010 00:00

Hello Brad,

If this user belongs to Editors role he/she should be able to access Dashboard, Pages, Content. Please make sure that your user does not belong to anther roles where you have denied the access to Pages and Content.

All the best,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 28-Dec-2010 00:00

Hi Ivan,

If the user belongs to the Editor role they can then view / access *all* of the document libraries, instead of just the libraries that have permissions set to a custom role / group.

I suppose to achieve this restriction of document libraries / pages I will need to implement the providers solution.  I've tried using the Developer Network Search feature but am not sure how to word this.  Do you know of a document / tutorial that explains the process of setting up providers so different roles can be setup to only have access to certain libraries / pages?

Thanks!

Posted by Community Admin on 31-Dec-2010 00:00

Hi Brad,

Have you granted this user/role to see the backned pages from Sitefinity >> Administration >> BackendPages >> Pages.

Greetings,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 07-Jan-2011 00:00

Hi Ivan,

Thank you, that solved the issue of the user/role not being able to see the Pages / Content tabs from the dashboard.  However, once I grant them access to see the Content / Documents & Files section, they then have access to all Libraries, even though certain libraries have permissions of only letting Admins and certain other roles have access.

I will continue to look through all of the permission settings, but I just wanted to make sure I wasn't missing something else that was obvious.

Thanks!
Brad

Posted by Community Admin on 10-Jan-2011 00:00

Hello Brad,

Ok, Most probably you have not broken the inheritance. By default the image inherits permission from its parent which is the Library. You can check the libraries permissions from

http://host/Sitefinity/Content/Documents/Libraries - >> Actions  >> Set Permissions..

 if the problem persists, please send screenshots of the permission settings for Libraries, the Image and screenshot of the roles under which your user belongs to.

Greetings,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 11-Jan-2011 00:00

Hi Ivan,

After breaking the inheritance I am one step closer.  Now the user cannot see any of the files in the library (which is good), however, they can still see the Library itself even though it appears empty to them.  Ideally, I would like the folder to not display at all if a user does not have the proper permissions.

I have attached screenshots of the role that should not have access to the "Agriculture" folder, and also of the Library permissions for said folder.

Thanks,
Brad

Posted by Community Admin on 21-Jan-2011 00:00

Hello Brad,

We verified that this is indeed a problem with applying permissions for a single library. Namely, even though a user has been explicitly denied the "View this library" action, he can still see it. It has been logged (ID 105504) and will be fixed for our next release.

All the best,
Slavo
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 19-Mar-2011 00:00

I downloaded Service Pack 1 for SF4, and this issue still exists.  A user who has been explicitly denied the "View this library" no longer sees the library in the list of Libraries, but when they view the main "Documents & Files" page, a list of the most recent files are displayed, and items from the denied Library are shown.  Next to these items is even a link to the explicitly denied Library, where a user can then view all of the items in a Library they should not be able to view.

Is there anyway to have PDFs (or any document) available to everyone on the frontend (so that they may be downloaded by the public) but have certain backend users be restricted to only see certain libraries while in the backend?

The goal is to have different groups of users maintain different portions of the website, and restrict access to maintain libraries accordingly.

Posted by Community Admin on 24-Mar-2011 00:00

Hello Brad,

Thanks for your feedback.
I have inspected this again, and unfortunately this problem still exists as it may be more complex than we initially assessed. At the moment there is still a problem with filtering secured objects which are explicitly denied from certain users or roles. However specific actions should be enforced by permissions (e.g. if the user is not allowed, or explicitly denied, to edit a news page, an attempt to edit the page should result in a "you are not authorized to perform this action" message).
We'll apply a fix for filtering objects by explicitly denying them in the Q2 Service Pack 1 release. Sorry for the inconvenience.

All the best,
Alon Rotem
the Telerik team

Posted by Community Admin on 14-Nov-2012 00:00

@Telerik

Does this problem reported in Dec 2010 still exist?

Markus

Posted by Community Admin on 19-Nov-2012 00:00

Hi Markus,

 Filtering media items on a granular level permission set should be working as intended now with the latest release of Sitefinity. 

Greetings,
Patrick Dunn
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 04-Apr-2014 00:00

I am using Sitefinity 6.3 and I still see this same issue. 

Posted by Community Admin on 14-Apr-2015 00:00

Has there been any update on this? I am using 7.2 and it still have the same issue described. I can see all the libraries even though access has not been granted to user.

Posted by Community Admin on 17-Apr-2015 00:00

Hi Hector,

I have tested it in Sitefinity 7.3 and 8.0 at least and permissions for Document Libraries as expected.

Regards,
Junior Dominguez
Telerik

 
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
 

Posted by Community Admin on 17-Aug-2016 00:00

I am using version 9 of sitefinity. 

I have 2 libraries: 1. Enterprise-only and 2. EveryoneCanSee
I have 2 roles and 2 users, each with 1 role. Refer image attached.
Both these libraries are added to a page (image at end of doc). No matter which user logs, they both see both the libraries as well as documents from both libraries.

EDIT:

In order to permissions to work on document library, it is not sufficient, though necessary to set the permissions on the library (root : as per documentation), it is also needed to setup a flag in the security settings in back-end > [Top menu] Administration > "Advanced" link > security left menu
Check on the check-box for: Enable filtering queries by view permissions

This will in turn modify config file "securityConfig.config". So you need to rebuild solution (just compile didn't help).

This thread is closed