I have added a new permission system.display added to my extension in the manifest.json file.
I expected that there would be a new permission listed for the extension but it is not. Checked listed permissions by navigating to chrome://extensions and then click on details link under the installed extension.
Also I did not find associated message with this permission in Chromium.
Could it be that this permission is granted silently?
As Marc correctly pointed out - many permissions are granted silently and are not listed.
You can read about these permissions here: https://developer.chrome.com/extensions/permission_warnings#nowarning
General rule regarding permissions:
If they access user data (bookmarks, pages through contentscript, management, location, history, etc) they are listed and warnings are generated.
Permission for such items need to be asked explicitly and these are listed in details for the extension.
For system info api like system.memory, system.cpu, etc are not accessing any user info. So these permissions are granted implicitly.
Related
I created a survey in my sharepoint online site.
If I give contribute permissions the user can add responses but can also edit permissions and add questions to the survey. Also, with contribute permissions, even if I set the survey advanced permissions to "Read responses that were created by the user" instead of "Read all responses" the user can still see all responses, even the other user responses, he also can edit and delete those answers...
If i give read permissions the user can't respond to the survey...
What can I do? What am I doing wrong?
Thank you
When you say that users "can also edit permissions and add questions to the survey", I believe in 2 scenarios:
The user has more pemissions than required at list or web level, probably being part of one or more group that has, for example, Design or Full Control permissions
Your "Contribute" permissions level was changed, and their permission was raised
So please just check the current users permissions and which groups they are members, just entering on survey settings> permissions for this survey> check permissions. Just check which groups the user is associated and be sure they have appropriated permissions.
Other important thing is to check if the role Contribute remains with the original permissions. Remember that it's a best practice to not change the original permissions levels, and you may check it on site settings > site permissions > permissions levels.
You may check more details and how the permissions levels are configured at the following link:
https://support.office.com/en-us/article/understanding-permission-levels-in-sharepoint-87ecbb0e-6550-491a-8826-c075e4859848
Just for your information: if the user has the right permissions and be a member of the expected groups with the Contribute permissions, it must not be able to change anything at list level, like questions or permissions.. Except if it's a site collection administrator or something like that ;)
In the Security Editor, I explicitly denied Read rights for a user to an item. In the Access Viewer, I am able to verify that Read rights for this user and this item are denied.
As this user, when I open the item's page in my browser, I can see all the content. I would expect a 404, but I can just see the page.
I verified that it's definitely the same user and the same item by placing some temporary debug info in my layout page:
user is #(Sitecore.Context.GetUserName()) - item is #(Sitecore.Context.Item.ID) - can read: #(Sitecore.Context.Item.Security.CanRead(Sitecore.Context.User))
This informs me that the user indeed has Read rights for this item, even though both the Security Editor and Access Viewer that these rights have been denied.
What could possibly cause a difference between what I see in the Access Viewer and what I get from Sitecore.Context.Item.Security.CanRead?
(Yes, I also recycled my app pool several times to make sure that no
kind of caching is applied.)
Access right information is stored on the item itself.
Make sure that you published the page.
Remember that you can switch database from Sitecore Desktop to web, start Access Viewer and see access rights information for web database there.
This is baffling me. I used PowerShell to add about 35 libraries to a site and then create and ADD 3 permissions groups for each library which are set to use unique permissions.
After running my code I thought all was fine. When I go to the site I see all the libraries that I made and can go into each of them and the permissions for each library are correct. However, if I go in as any other user I can't see any of the libraries. Even if I go to all "All Site Content" it's as if they don't exist.
I am the site collection admin and am part of that site's Owners group, but other people in the Owner's group can't see the libraries.
Any Ideas?
It might be that the other users who cannot see those library are not having any permission on that library,since you have broken inheritance. You can verify this by logging in as Site administrator. Open the document library--> Library settings-->Permissions for this document library --> Check Permissions. Here type in the user for whom the library was not available, then you can see if that user is actually having any permission on that library or not.
In SharePoint, it has 5 permission level: full control, design, contribute, read, limit access. Permissions are categorized as list permissions, site permissions, and personal permissions, depending upon the objects to which they can be applied; and it can be inherited from the parent, or it can have its own. if one user doesn't have the permission to a list, the user can't see it.
Permissions control is complex in SharePoint, See these MSDN articles for details:
Permission levels and permissions
About controlling access to sites and site content
i'm using Sitecore 6.5.
I want to configure a Sitecore role to access the /system folder from the content editor.
(my end goal is to have certain user to access and edit the webforms in /system/modules/web forms for marketeers)
I have granted read rights to the system folder on the role, but the /system folder does not appear in the content editor tree.
I guess if there is some other security preventing the users to see the system folder?
I can only get a view on the system folder by granting full admin rights to the user.
First off, make sure the user has the Entire Tree and Hidden Items options ticked in the View tab.
Also, to check if it's access rights you can use the Access Viewer to see whether the user has access rights. If they don't you can click on the Read right (for instance) and see why they don't have access to the System node (for example, which role Denies the read access).
For more information, please check the Security Reference document on SDN.
I have a browser:page setup in Zope, and I have:
permission="zope2.Public"
My question is what should I change this to in order to allow only Plone administrators access, and/or logged in (non-administrators) access to this page?
On Zope, you control access to views via permissions, but to permit someone to access a given permission, you must grant such permissions to a role.
Anyone in the Plone administrators group has been granted the Manager role (on Plone 4.2 that'll change to the SiteAdmin role) generally have access to most permissions. There is also the automatic Authenticated role, which is given to anyone that has been authenticated (has logged in). The latter doesn't have many default permissions though.
Permissions are generally named after the action you want to permit. If your view's goal is to manage some aspect of your Plone portal, then the cmf.ManagePortal permission is probably what you want. You can check the full list of default permissions if you need another one.
There is some excellent documentation on how security works in Plone, which includes information on how to define new permissions too, and how to assign existing permissions to roles.
permission="cmf.ManagePortal"
This setting is about permissions not about roles.