5.0 SE - Permissions on Image Libraries and Manage Image Lib

Posted by Community Admin on 04-Aug-2018 15:03

5.0 SE - Permissions on Image Libraries and Manage Image Libraries

Sitefinity - Bugs & Issues

All Replies

Posted by Community Admin on 23-Mar-2012 00:00

How to create Image Libraries special for one Role. Restrict access for all other libraries?

I have created a role 'MyRole'
I created a user 'MyUser' who can access the backen and is in role 'MyRole'
--------------
As Administrator I created a image library 'MyRoleImages' and granted permission to 'MyRole'
--------------
Logged-in in as 'MyUser' I will not see the Content - Images option
--------------
Logged-in as Admin i granted Adminstration - Permissions - Rights to Image Libraries for 'MyRole'
----------
Logged-in as 'MyUser' I now have the option Content - Images

However two problems

1) it seem the 'MyUser' in 'MyRole' can manage all albums
a) wrong settings or would I have to remove premissions for 'MyRole' from all other and futur libraries (used to be like this for pages in 4.0)

2) as 'MyUser' I can see the link Manage ImageLibraries but when clicked get an 404 error this kind of pages not served. 

Markus

Server Error in '/' Application.

This type of page is not served.

Description: The type of page you have requested is not served because it has been explicitly forbidden. Please review the URL below and make sure that it is spelled correctly.

Requested URL: /Sitefinity/Content/Images/Albums

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272

 


 


Posted by Community Admin on 28-Mar-2012 00:00

Hello,

I was able to reproduce this issue. The issue comes from the permissions not set correctly for the Images and Image libraries. I logged on as the Adminstrator, went to Adminstration >> selected permissions for "MyRole" >> then changed the permissions to allow for "Image" and "Album" sections. Then I logged out and logged back in as MyUser and clicked on Content >> Images and was able to view the album and the pictures within the album.

When setting permissions there are a couple things to remember about setting permissions:

1. Make sure that the user has appropriate permissions depending on the provider- at last View permission for a given page.

2. Make sure that the user's role does not inherit permissions from another role that has deny set fro "View" right. Deny has higher priority than Allow.

Please let us know if you have anymore questions.

Regards,
Grace Hallwachs
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 29-Mar-2012 00:00

Dear Grace

Thank's for the feedback, also on my support ticket.

I was fearing this answer. To me this very very bad.

When I grant a role access to see libraries this role gets automatically added to the default users who can manipulate libraries.

Imagine when you have a 20 libraries and you want now a new user/role to have access to one libarary only.

a) you need to give that role permission so see libaries
b) you then have to deny his access in all other 19 libaries - meaning at the moment you have to break inheritance of this 19 libaries

What about future libaries. As soon as an admin opens a new libary he probably has to rember to revoke the rights for the one user/group!

This is simply bad.

Feature Request: When granting a user/role access to see/manage libaries the user/role should not automatically be added to the default settings but should only be able to see work on the libaries access was granted for.

Bottom line. Libraries access should work now like page (this was fixed also) Granting is the word not denying!

Markus

Posted by Community Admin on 03-Apr-2012 00:00

Hi,

I have submitted a feature request on your behalf. You can follow its progress in PITS and vote for its popularity.

Kind regards,
Grace Hallwachs
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 03-Apr-2012 00:00

Dear Grace thanks a lot.

I think you have perfectly described the problem: When granting a user/role access to see/manage libraries the user/role should not automatically be added to the default settings but should only be able to see work on the libraries access was granted for.

Now I just hope may will vote for it and that we will see a fixe behavior in 5.2

Thank's again
Markus

Posted by Community Admin on 04-Apr-2012 00:00

Hi,

Please let us know if you have anymore questions or concerns.

Regards,
Grace Hallwachs
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 17-Feb-2013 00:00

This hasn't been fixed, has it.  I see that for the Documents and Files (or any tab) to show up you have to grant access to either Create New Or Manage All. 

Then what?  Go through each library and override the setting for the one you don't want the role to access?   

Usually our clients aren't this granular but we now have a client with extensive role based editing rights down to one role can only edit a single particular file. I've spent way too much time on his already.

Sitefinity - you may have taken a few steps forward with the permissions but you also took a leap backwards...  :(

I am hoping i am just overlooking something obvious!

Posted by Community Admin on 18-Feb-2013 00:00

Dear Laura

I sure hope this will make it to 5.5 or next version. 

Markus

This thread is closed