I want to give the user the permission to add and view only in my subsite,
I went to permission levels
Clicked on contribute
but the "Edit Permission Level" page is read only , i cant make any changes
You could try to create a custom permission level and see if it works.
https://learn.microsoft.com/en-us/sharepoint/how-to-create-and-edit-permission-levels
Related
I've been wrestling with uniquely restricting one page in my Kentico installation to be viewed by only two Roles, everyone else should be redirected to a page telling them they need to jump over the paywall. I've not determined the best way yet to do this. Along the way I've found that when I try to access that page from the menu at the top of the page it respects my permission by denying access. However when I use that same link from an editable web part lower in the page it seems to ignore permissions. While it looks like two questions here what I really want to know is how to deny access unless a user is in a particular role and then if denied how do I redirect them to a page to explain why they were denied. Thanks.
Try this:
From your top level page (master page), add the role "Everyone" and grant them read access. This will replicate through the rest of the pages and everyone can see everything. Yes, sounds fishy but read on...
Next navigate to the specific page you want to restrict access to. On the Security tab, click the "Change permission inheritance" link. Then click the "Break inheritance and copy parent permissions". Next select the Everyone role and check the Deny full control box.
Now add your specific role(s) and set their permissions to Read.
This should get your permissions working as you want for that page.
As for a message and redirecting if in a particular role, you could place a webpart on a page and say if they are not part of a role, just redirect them to a page using your choice of redirects. The webpart itself will handle if they are in the particular role. Keep in mind the user will have to be logged in already and/or have access to that page so no restrictions can be on that page.
Thanks for all your suggestions. Here's what I found. First, the reason the two pages were acting differently was a brain cramp on my part. I had embedded two different links. My bad!
Secondly, on security, it appears that Deny takes precedence over Allow. If the role is denied no amount of "allow" will override the denial. The way I fixed the problem was to create a zone for those who I wanted to allow access to the text and a zone or web part for those I wanted to deny. In the Zone visibility section (click the arrow next to "Visible" to enter text) I put a boolean statement:
{% CurrentUser.IsInRole("Member") || CurrentUser.IsInRole("SecondRoleToTest") #%}
This way anyone who was in either of those two groups would cause a true value to this statement and visible would equal true (notice the"!"). For the zone or web part I wanted to present to those who was not a member of either of those to groups I put the opposite of that condition
{% !(CurrentUser.IsInRole("Member") || CurrentUser.IsInRole("SecondRoleToTest")) #%}
and it would display the materials for those who were not in either of those groups. In this case the text read the equivalent of "you need to be either this or that with a link to information on how they could become this or that". Have to admit I learned quite a bit on this one. Thanks for all your help, you helped lead me to the answer.
If I am understanding you correctly, you are saying that you have locked down a page to only 2 roles? If a person clicks on a navigational link that is not in those roles, they are denied access...correct? But if a person clicks on a link from a webpart on a page, they are not denied access...correct?
Where this is unusual I am also wondering how the link is setup in the webpart? Is it just a anchor link or are you using a Kentico permalink? These should not behave any differently, but just a thought. Sounds like more than likely there is some permission that is still allowing access to the page, but without seeing your actual permissions setup it is really hard to tell you what could be causing that.
As far as redirect, by default it should redirect to a login page if you have one of those setup (you would of set that up in the Settings Tab), otherwise the access denied would just happen. You could quite easily write some custom code to redirect users who are not into a role to another page. For re-usability, you could write it into a custom webpart and have a property for the roles the users need to be in and a property for the redirect page location and then handle it from there. Doing it that way would allow you to use the same pattern on any pages you desired...but you would then need to bypass the built in security lock down stuff.
Lastly (and I don't know the classes to use) you could probably override what happens when 'access denied' occurs in accessing a page in the site..then you could do your own custom redirect. I am sure someone else can chime in with the exact class.
I need to remove "Add New" button from Asset Publisher portlet for the role "Power User" in Liferay 6.1.
How can I do it. Please help.
The "Add New" Button only appears when a user has permissions to create one of the assets displayed in AssetPublisher. It seems that your users/power users have permission to create content - this can be WebContent, Blogs or others. For example this typically happens in their own personal site where they have write permissions by default.
You can either remove that permission from the Power User, use standard users (there has been a recent blogpost about the difference between the two) or, if the permission is ok, just the UI should disappear either override the AssetPublisher UI with a hook (remove the button there) or use the simple CSS-trick ("display:none") in the portlet's "Look&Feel/Advanced Styling" section
i have a sharepoint site http://spp/sitepages/page2.aspx
I have a group called "Group1" with full control. There are two users "User1" and "User2".So both the users will have full control and both of them can make any changes in page2.aspx. Now this is my requirement, i want to allow only "User1" to access, when "User2" access my page i want to show "Access Denied" is it possible without code.
Since we can't vote to close towards sharepoint.se yet, here it goes:
You need to go to the SitePages library in the browser, select the page you want to change permissions and then go to the dropdown menu for the item > Manage Permissions > Edit Permissions (Stop Inheriting), remove all users / groups and only add User1 to the item.
A more detailed guide is available at the Microsoft Office website online
If you can put your page into a document library - do so. This way you can adjust your permissions properly with no code.
I have set permission to allow anonymous user to create page.
but when the anonymous user submmited the page, drupal 6 responded "page not found".
i have checked drupal backend, there was no page created.
so my question is, which permisson option i have to set to allow
anonymous user to create a page.
I had the same problem right now and it drove me crazy! After a bit researching I did a try rebuilding permissions at /admin/content/node-settings after remembering that this solved such issues related to node access for me before.
I am a senior developer and Drupal developer for about 4 years and until now I don't know why this happens. Who knows a clarification to all of this please please share..
http://drupal.org/user/642644
Anonymous users can create content if you give them permissions in the back end. Go to yoursite.com/admin/user/permissions and make scroll down to the "Node Module". Make sure you have "access content" and any relevant "create **foo** content" boxes checked (where **foo** is the content type you want them to be able to create) for anonymous users.
This will grant anonymous users permission to create content of type **foo**, and view any content created.
Your "Access Denied" problem may be caused by anonymous users being able to create content, but not access it. This would be the case if you have granted "create **foo** content" permissions to the anonymous user, but have not given them "access content" permissions. Can you see the content while you are logged in as an admin?
Not super familiar with the tech you're using but can a registered user create a page? If not, the problem probably is because of something else. :)
I have a list which I've set item-level permissions on. I set it to allow users to read all items and only edit their own items...
The issue is that if I do this then I can still edit all items...
If I change it so that I can only read my own and only edit my own then it works as expected...
Anyone have any thoughts on why this would be occurring and a solution...
I've set the list up to only allow one user account with contribute rights for testing purposes...
when you change permission in a list Advance Settings, it still let contributors to go to EditForm but once contributors try to save item, that doesn't belong to them, it show error message that you don't have permissions.
give it a try, create an item by some user let say User1, then try to modify that item using User2 credentials (User must have only Contributor right on the site/list), it will let you go to EditForm but wont let you save item.
I hope it helps you.
Are you a list manager (e.g., a site owner)? List managers have extra permission.
This only works if your user does not have permissions to edit all items on the list by based on the site permissions. E.g. if your users has contribute permissions to the site, that will override the individual item permissions.