I have created my own custom controller and added the section on admin (community version). Is there any way for only specific users to see the section and not all of them? (let's say we want only the administrator to be able to see this section).
I know that I have to set the permissions of the section in the DB but it is not clear to me how.
The ADMIN_PERMISSION_ID that I inserted when creating the section was "-1"
INSERT INTO blc_admin_sec_perm_xref (ADMIN_SECTION_ID, ADMIN_PERMISSION_ID) VALUES (1, -1);
The next step here is adding an entry in BLC_ADMIN_ROLE_PERMISSION_XREF to give your role the new permission.
For example, if you want your "Admin Master Access" role with ID -1 to be able to view your section, you would perform:
INSERT INTO BLC_ADMIN_ROLE_PERMISSION_XREF (ADMIN_ROLE_ID, ADMIN_PERMISSION_ID) VALUES (-1, -1);
This should allow only your "Admin Master Access" role users to see the section.
Related
How do I restrict a section of a form that only a certain group can edit? I created the group with these fields:
Group type: Access Control List only
Category: ACL Control, Database ACL Group
I tried these steps from this link:
https://www.ibm.com/support/knowledgecenter/en/SSVRGU_8.5.3/com.ibm.designer.domino.main.doc/H_RESTRICTING_ACCESS_TO_A_SECTION.html
Highlight the text, fields, and other design elements on a form that make up the section.
Choose Create - Section - Controlled Access.
But when I highlighted the section of the form that I want to restrict, I cannot select the Controlled Access and is grayed out.
Let's say I have a data template that has 3 field sections: Basic Info, Navigation Info and Content Info. I would like to restrict Field Write access to the fields in these sections by role. I know that it is fairly simple to create a role for each of these and deny Field Write for the other sections. For example, I could create a role called Basic Info Editor Role and deny Field Write for all of the fields in the Navigation Info and Content Info sections. However I need to have the ability for a given user to be a member of more than one role sometimes. So I may have a user called jSmith that is a member of both the Basic Info Editor Role and also the Navigation Info Editor Role. I want jSmith to be able to edit both of those sections of content.
I can't figure out how to do this. It seems that by default all users have Field Write access to all templates. I think somehow I need to remove inheritance so that they don't all have the Field Write granted or something. Any ideas?
From what I remember you cannot assign Field Read and Field Write access rights on the section level - you can only do this on the field items directly.
Anyway, I think your approach is correct:
select chosen field which should be restricted
break the inheritance of this field for your base role (e.g. Standard Editor)
and then create Basic Info Editor Role which will be a member of the Standard Editor role
add Field Write option for the selected field for Basic Info Editor Role role.
All other Standard Editors won't be able to change this field, only Basic Info Editors will be allowed to change it.
I have an object which is controld by its parent (it has a Master-Detail relation).
The parents OWD is set to private.
My problem is that the user can add a parent record but when he adds a chield he gets this error message - "Insufficient Privileges - You do not have the level of access necessary to perform the operation you requested. Please contact the owner of the record or your administrator if access is necessary"
Does your user have the "Create" right to the Child object?
The issue here may be the attributes of the master detail field on the child object.
For example, if your OWD Access to the master object is set as Read only then the master detail field on the child must also be set as read only.
You can do this by editing the field - In the Master Detail options section of the field edit page edit the "Select the minimum access level required on the Master record to create, edit, or delete related Detail records" setting.
Hope this helps.
I would like to show / hide certain fields in my Drupal view accordingly to the user role.
Provided I can only have this view to work with, how can I achieve this programmatically or there's some settings that I am not aware of in Drupal.
P/S: I am aware of the access settings under basic settings in View but that would restrict access to the whole view, not field level.
You can create two identical Displays (within the same view) and override the field settings and access settings in each of them. For example, in the first display show the fields you only want a certain role to see, and set the access control setting to that role. In the second display, remove the unwanted fields and set the access control to the corresponding role.
Start by creating the most restrictive display first and then the least restrictive one.
I liked this answer, but in my case the field is dependent on the argument and I would need to create a new display for each argument (which isn't practical).
I installed the Views Custom Field module and used this code for the field:
<?php
if(user_access("some permission string here"))
{
print "Your field value here";
}
?>
Click advanced, theeming, find the field and make a _.tpl.php file for it, then in the file you will see:
print $output;
Change this to:
if (user_access('administer nodes')) {
print $output;
}
Or whatever the permission is you are checking against.
I think you have to try module Field Permissions
If your the fields you want to exclude are 1) created with CCK and 2) should be hidden from users of that role everywhere on the site (not just in this particular view) then you can just set the permissions on the fields so that users are particular roles can't view them. If the current user doesn't have permissions to view a field that is part of a View, the field won't be shown to the user.
( Regarding Moss 2007 )
i have created a sharepoint list in which one column is called user assigned - this is a lookup column of type - people and group.
i select the users from active directory to enter this field of the list.
So different items in this list have different users assigned
I have create permissions for this list to be read and write to the users in active directory .
so that when a particular user logs in to the sharepoint website with his credentials. he has read and write access to the list.
Now is there any way available in sharepoint by which the user do not see the whole list when they login to the website . He only sees the items of the list which the user assigned field is him only.
If the permissions are indeed setup right, you only have to go to List Settings, Advanced Settings, Item-Level Permissions and on "Read access: Specify which items users can read" you define their own.
If the users are not the creators of the items, you need to go to List Settings, Views (at the far bottom), modify the All Items View (or w/e you have as default), go to the filter section and add a filter like: "Show items only when the following is true", "Show the items when column" Assigned To is equal to [me]
I've been implementing such solutions for some while. It is possible, but
it takes much work to be done
if used in long term and/or the amount of data is large, this will hit performance
If none of these is a problem for you, then you can:
create code which performs BreakRoleInheritance() on the item, then adds ViewListitems permission for the user in "user assigned" column. You can find example code, for instance, here: http://social.msdn.microsoft.com/Forums/en/sharepointecm/thread/581e456c-db3c-44f1-b958-a824d95a2536 (or search in Google for "SPPrincipal" and "SPRoleAssignment" for more info)
make this code be called whenever the item is added or updated (you have to wait for the "-ed" events, because in the synchronous version of these events you can't change the permissions yet, for instance in "ItemAdding" there is no item created yet). You can achieve this by adding an event handler to the list.