How can I hide the menus to specific employees the menus are :
ODOO Menu :
-Employee
-Expense
-Holidays
I want the "Attendances" menu that will be displayed for specific users
Login with admin credentials, activate developer menu from settings, go to Technical > Menu Items (Under User Interface Sections) Search for those menu items by name and open required menu item. Click on edit, on Access Rights tab, add or remove groups to customize the menu permission access to certain group. For example if you want to set permission for this menu only to be accessed by admin user, set the groups permission to Administration / Settings. Groups permission on menu items works such way that any one having permission with particular menu item and it's parent item can access that menu. If no group permission is associated with particular menu, that means that particular menu is accessible by all who have permission to parent menu.
Make a new group for menus and gave that group to theses menus so that user belongs to that group will only able to see the menus. The user you want to display the menu gave those user this group.
Related
How do I add a custom group to this image library? I created a group at the site level which contains a list of users from AD but there is no option for me to add this group to this specific folder.
I have also created a group at the AD level but the SharePoint functionality only allows for individual users to be added to one of the groups already listed.
I stopped inheriting permissions from the top level site in order to manage access to certain folders but I don't seem to have that option.
Try following the steps:
From permissions page (shown in your question), click on "Grant Permissions"
Search name of group in first text box and select group from suggestions
Click on "SHOW OPTIONS"
Select Permission level as per your requirements
Click "Share"
Documentation: Customize permissions for a SharePoint list or library
I have a SharePoint Site where I created a List and I want to give read and add access to this list only to a limited group of people.
First I created in the SP site the List "ListX"
In the ListX settings I went to list permissions and I stopped inheriting permissions from the site and I created unique permissions
On the site advanced permission settings I created a new permission level "Add and View Only" where I selected the following options:
On the list permissions section
(a) Add Items - Add items to lists and add documents to document libraries
(b) View Items - View items in lists and documents in document libraries
The moment I selected those two options the following options have been automatically selected for me on the site permissions section:
(a) View Pages - View pages in a Web site
(b) Open - Allows users to open a Web site, list, or folder in order to access items inside that container
Then on the site permission I created a SharePoint group "ListX Users" and I gave the permission level "Add and View Only"
Then I added several users in the SP group "ListX Users"
Then I granted permissions on the ListX permissions to the "ListX Users" SP group
However the user gets the message "Sorry you don't have access" when they try to go to the top level of the site so that they can click on the ListX link and they are prompted to request access.
Any idea why that happens and how to give such Add and View access to the ListX only? Thanks
Best (and easiest) imo is to work down. Give them permissions on site level and break inheritance on each library that shouldn't be visible for everyone.
That way the navigation is the easiest and for maintenance has the easiest overview.
I partially solved my issue by adding two more options in the List permissions permission levels of "Add and View Only". See below.
Open Items - View the source of documents with server-side file handlers
View Application Pages - View forms, views, and application pages. Enumerate lists
However in this case the user need to have a direct link to the list and cannot navigate via the site.
I created RoleX, and I joined users to RoleX. Later I created RoleAdminX and now I want when users which have RoleAdminX after logged to control panel might manage to only users which have RoleX. How can I do that?
Roles cannot do that; what you are looking for are organizations. To see how they work and can solve your need, follow the steps:
Creating users and organization
In the Control Panel, go into "Users and organizations"
Create three users: X user, X admin user and no X user.
Now, click in the same "Add" button you used before. However, instead of clicking in "User", click in "Regular organization".
Name this organization "X" and save it. When you go back to the "User and organizations" section, you'll see the organization listed above all users:
Assign users to organization
Now that we have an organization, we should add our users to it.
Click on the organization name. There will be a menu in the left.
In the menu, click on "Assign users"
Click in the "Available" tab
Select the users "X user" and "X admin user". Do not select the "no X user"
Click in "Update associations"
Assign admin roles
Now we are going to give our "X admin user" powers to manage other users.
Go back to the organization editing page, where the aforementioned menu is found.
Click in "Assign organization roles"
Click in "Organization Administrator"
Click in the "Available" tab
Select the "x admin user". Click in "Update associations"
Testing
Does it work? Let us see!
Go back to the organization editing page, where the aforementioned menu is found.
Click in the "Actions" button from "x admin user". In the menu, click in "Impersonate user." A new tab will appear; in this tab, all actions you execute will be done as if you were logged in with the "x admin user".
In the newly open page, there will be a "Go to" button at the top right. Click on it. In the menu, click on "Control Panel".
You'll see what you are usually is found in the Control Panel of a common user: sections for editing the own user's data as well as sections. sections for editing the user's site and its contents (but not other sites!) At the end, however, there will be an unusual section (for common users to have access, I mean): Users and Organizations. Click on it.
You'll see a listing containing the "x" organization. Note that neither the admin user you were logged with, nor the "no x user" are listed here. Click on the organization.
Here, you'll see all the users added to the "x" organization. Click on the action menu and see how you can edit the user, handle user sites and permissions etc. If you want to take users out from the organization, or invite others in, just use the "Assign Users" option previously explained.
All the last steps were executed as if you were the "x admin user". If you doubt it, just log out and log in as the "x admin user" :)
You cannot, however, create new users or delete existing ones. This is a task to the administrator.
(Here I used Liferay 6.1 because the version of Liferay 6.2 I have here has some annoying bug that impedes the x admin user of arriving at the Control Panel, but the idea should be the same.)
I created a custom regular role and given "Go to Control Panel" permission comes in General category. But the "Go To" option is not visible for the user belongs to that particular role. I don't want to give "Add" and "Manage" permission in dock bar for my custom role. What permission extra should I give for my custom role to allow the users belongs to that role to Go To Control Panel?
I think (guess) the user should also have permission for atleast one portlet in Control panel, so that a link can be made to show something in Control panel.
Since if the User has no access to any of the portlet in Control Panel, there would be no use to go to the Control Panel.
I need to customize as to which portlet appear in the "Add more portlet menu" as shown in the image below:
I need to restrict the number of portlets displayed in this menu based on the logged-in user or site (community). So that Site-owner or Site-admin will be able to add only those portlets to their pages which the omni-admin decides for them.
Does Liferay provide any such functionality (through configuration or something) or do I have to create a new portlet and a hook to achieve this?
Environment: Liferay 6.1 CE GA2
Any idea would be very much appreciated.
Thank You
The following is an answer given to the same question in the Liferay forum:
You can limit what portlets can be added to the page from the Administration side and don't have to do any development.
You will need to create a role however and add everyone on it. Here are the steps for achieving this:
Have the user be part of the organization or site that you want them to add portlets to.
Go to Control Panel -> Rolesand make a Regular Role (not an Organization or Site role)
In Define Permissions drop-down menu go to Portal -> Site -> Page -> and check Update as a defined permission.
Go to Define-permissions drop-down menu again and go to Site Application -> (choose Portlet Name that you want your user add to the page) -> Add to page.
Repeat Step-4, if necessary if there are other portlets you want the users to add.
Add this role to your user: Go to Control Panel -> User and Organizations. Click on your User and go to Roles.
Finally you need to go to Server Administration and execute the Clean Up Permissions to clear permissions for the Guest and Power Users roles.
This should now make it so that whatever user is attached to this role they will see an "Add" button on the left hand corner and will only be able to add portlets you specify in the role permissions.
You need to grant the ADD_TO_PAGE permission for the portlets that you want to allow. By default, Community Administrators have quite broad permissions for all portlets. Check the "Community Administrator" Role in "Define Permissions" (Control Panel/Roles/Community Administrator/Action/Define Permissions).
I suggest to see what a community administrator is allowed to do and create a custom role, define its permissions and make your "limited" admins member of this role instead of the default Community Administrator.
there is beter way .
all portlets permissions is checked in its permission table.
go to portlet manager and first un check all for "user"
so its not shown "Add more portlet menu"