I have the admin user, that should have all rights.
But somehow I can't edit all localized fields when I am logged in as admin.
For other users, I do not have this problem and everything works fine. For example, admin100 in the admin group has proper rights and can edit all fields.
I thought the access rights for admin could have been changed, but they're the same rights as for admin100.
I'm quite lost as to what it could be.
I've created a user role which doesn't inherit permissions from Guest. I've achieved it through portal-ext.properties with the permissions.check.guest.enabled=false param. But now, if I log in with this new user role, I can't log out, since I can see the User Personal Bar (probably because of some permission settings). Any idea how to enable the User Personal Bar for my custom user role? I'm using Liferay 7.1 CE.
I'm developing an application, where users are able to store their notes.
The roles hierarchy is the following:
user role could create, read, update and delete their own notes.
admin role inherits user role and has access to all users' notes.
The issue is that most ACL tutorials describe generic cases, regarding how to declare permissions for roles like user, admin, manager etc.
There is a lack of information regarding the cases when we need to protect specific user notes from being changed by other users. How to handle this in the scope of ACL?
I am using version 6.1. I want to create a user who has most admin capabilities. However, I do not want them to have access to creating user groups, users etc. I want them to have access to products etc. Is there a functionality in Backoffice to restrict users from adding users? Is there a way to hide this function in the navigation tree?
Thanks
Use Hybris access rights, for example to give read permissions to user group mygroup for item type User (this can be executed as an Impex query):
$START_USERRIGHTS;;;;;;;;;
Type;UID;MemberOfGroups;Password;Target;read;change;create;remove;change_perm
UserGroup;mygroup;;;;;;;;
;;;;User;+;-;-;-;-;
$END_USERRIGHTS;;;;;
I have created a 'Site User' role which is appropriate for users who will be Viewers on every available portlet. For example, a user with this role should only be allowed to view documents in the Documents and Media portlet but not allowed to add a new document or edit an existing one.
I have defined the proper permissions in my Site role; however, users with this Site role are still able to create events or add documents etc.
All these users are also assigned the Social Office User role, but as far as I can see there is no such permission granted by this role.
I'm wondering if this is normal behavior or if the only solution is to modify portlets in a way that they won't allow users without the 'Site Admin' role to perform certain actions.
They're most likely still assigned to the "User" role (portal wide), or get the permission from being a "Site Member". As you can't remove permissions, only add them through roles, check these roles for their bundled permissions.
They're assigned by default to the Site Member role, as Olaf stated. Look at this file:
https://github.com/liferay/liferay-portal/blob/master/portal-impl/src/resource-actions/documentlibrary.xml
As Site Member you have:
<site-member-defaults>
    <action-key>ADD_DOCUMENT</action-key>
    <action-key>ADD_FOLDER</action-key>
    <action-key>ADD_SHORTCUT</action-key>
    <action-key>SUBSCRIBE</action-key>
    <action-key>VIEW</action-key>
</site-member-defaults>
as default action permissions.
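The additive model described in the two answers above can be checked mechanically. The following is an added example, not part of either answer and not Liferay code: it parses the site-member-defaults block quoted above and reports which role supplies each action beyond the intended view-only set. The permissions wrapper element, the role table and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed input: the <site-member-defaults> block is copied from the page;
# the <permissions> wrapper is an assumption so the fragment parses on its own.
RESOURCE_ACTIONS = """
<permissions>
  <site-member-defaults>
    <action-key>ADD_DOCUMENT</action-key>
    <action-key>ADD_FOLDER</action-key>
    <action-key>ADD_SHORTCUT</action-key>
    <action-key>SUBSCRIBE</action-key>
    <action-key>VIEW</action-key>
  </site-member-defaults>
</permissions>
"""

def default_actions(xml_text, element="site-member-defaults"):
    """Return the action keys listed under every <element> block."""
    root = ET.fromstring(xml_text)
    return {key.text.strip()
            for block in root.iter(element)
            for key in block.iter("action-key")
            if key.text and key.text.strip()}

def effective_actions(user_roles, role_grants):
    """Grants are additive: the result is the union over all roles held."""
    actions = set()
    for role in user_roles:
        actions |= role_grants.get(role, set())
    return actions

def unexpected_grants(user_roles, role_grants, intended):
    """Map each action beyond `intended` to the roles that grant it."""
    extra = effective_actions(user_roles, role_grants) - intended
    return {action: sorted(r for r in user_roles
                           if action in role_grants.get(r, set()))
            for action in sorted(extra)}

# Hypothetical role table: "Site User" stands for the asker's view-only role.
ROLE_GRANTS = {
    "Site Member": default_actions(RESOURCE_ACTIONS),
    "Site User": {"VIEW"},
}

if __name__ == "__main__":
    report = unexpected_grants(["Site User", "Site Member"], ROLE_GRANTS, {"VIEW"})
    for action, roles in report.items():
        print(f"{action}: granted by {', '.join(roles)}")
```

Because there is no deny entry in this model, narrowing the custom role changes nothing; the extra actions disappear only when the role that grants them is edited or no longer held.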
I have a browser:page setup in Zope, and I have:
permission="zope2.Public"
My question is: what should I change this to in order to allow only Plone administrators access, and/or logged-in (non-administrator) access to this page?
On Zope, you control access to views via permissions, but to permit someone to access a given permission, you must grant such permissions to a role.
Anyone in the Plone administrators group has been granted the Manager role (on Plone 4.2 that'll change to the SiteAdmin role) and generally has access to most permissions. There is also the automatic Authenticated role, which is given to anyone that has been authenticated (has logged in). The latter doesn't have many default permissions though.
Permissions are generally named after the action you want to permit. If your view's goal is to manage some aspect of your Plone portal, then the cmf.ManagePortal permission is probably what you want. You can check the full list of default permissions if you need another one.
There is some excellent documentation on how security works in Plone, which includes information on how to define new permissions too, and how to assign existing permissions to roles.
permission="cmf.ManagePortal"
This setting is about permissions not about roles.