I am using Kentico 9 to create a book store that will contain more than one section, like Fiction Books and so on. I want to assign a rule to a user that allows him to manage this section only, to add/modify/delete books, and so on with the rest of the sections. I can now assign a manager or editor that can modify all products, but I need to make him belong to just one category of products. I've also tried to assign a department to products and just assign a user to manage it, but it still doesn't make sense. I've tried to check the Kentico documentation to find an answer to this question but I didn't find the solution. Can anyone help me with that?
What you are looking for is the Default alias path property within the user configuration (Users -> user -> General -> Default alias path) where you can specify what section of the content tree your user will see. Then you can just set proper permissions.
Does your category (or section) of products have the same page type? If so, you can set proper permissions for CRUD operations (and more) per each page type (type of product). Just go to Permission > Permissions for: Page type and set proper rights. You can learn more here.
If not, you can still use Page-level permissions - ACLs (just follow example section).
Related
I've been a Notes developer for years but never used an Access Control Section on a Form.
I want to give (web) users (with the right [role]) access to edit only one field on a document. I'm assuming an Access Control Section is the way to go.
A couple of things aren't obvious:
1. As well as adding the [role] name to the Access section's formula, does it also have to exist in an Authors field on the document?
2. If #1 is true, then do all other fields have to also be in an Access Control Section where that role can not edit them?
Jake
The access control section controls access to whatever is in the section. It does not need an authors field. Only the content or fields that you want to control access to are included. Authors fields define who can edit a document. Regardless of what level of access a user has, if there is an authors field and the role is not listed, that user will not be able to edit the document.
You can use an authors field to limit the editors to certain documents; from there you can further restrict access to fields to edit by sections. If you do have an authors field in conjunction with a section, the role needs to be in the authors field as well as the section access formula in order to be able to edit.
In Lotus Notes Access is ALWAYS calculated top -> down.
If you don't have Author access to the document itself (defined by an Author field or because you are Editor or higher) then a section Author role will not help you.
The answer is: Yes, you need an editor field containing the role.
In consequence the answer to your second question is also: YES, you need to protect the other fields with a section (without the role) as well, if you really want to restrict access to that single section.
I have a discussion list and need to provide contribute access only to this list for all users with read access (i.e. visitors). Basically, all visitors should be able to submit their comments in the discussion list, but at the same time have no contribute access on any other lists of the child site. How can I do this without breaking the permissions inheritance from the top level site?
Any workaround/ideas are appreciated..
"without breaking the permissions inheritance from top level site" <-- not possible!
Sharepoint's permission model is based on inheritance. If you want different permissions for one particular list, different from the rest of your site - you will need to break permission inheritance (hence the name inheritance).
Any reason why you don't want to break inheritance?
(Regarding MOSS 2007)
I have created a SharePoint list in which one column is called user assigned - this is a lookup column of type people and group.
I select the users from Active Directory to enter in this field of the list.
So different items in this list have different users assigned.
I have created permissions for this list to be read and write for the users in Active Directory,
so that when a particular user logs in to the SharePoint website with his credentials, he has read and write access to the list.
Now, is there any way available in SharePoint by which the user does not see the whole list when he logs in to the website? He only sees the items of the list where the user assigned field is him.
If the permissions are indeed setup right, you only have to go to List Settings, Advanced Settings, Item-Level Permissions and on "Read access: Specify which items users can read" you define their own.
If the users are not the creators of the items, you need to go to List Settings, Views (at the far bottom), modify the All Items View (or w/e you have as default), go to the filter section and add a filter like: "Show items only when the following is true", "Show the items when column" Assigned To is equal to [me]
I've been implementing such solutions for some while. It is possible, but:
- it takes much work to be done
- if used in long term and/or the amount of data is large, this will hit performance
If none of these is a problem for you, then you can:
1. create code which performs BreakRoleInheritance() on the item, then adds ViewListItems permission for the user in "user assigned" column. You can find example code, for instance, here: http://social.msdn.microsoft.com/Forums/en/sharepointecm/thread/581e456c-db3c-44f1-b958-a824d95a2536 (or search in Google for "SPPrincipal" and "SPRoleAssignment" for more info)
2. make this code be called whenever the item is added or updated (you have to wait for the "-ed" events, because in the synchronous version of these events you can't change the permissions yet, for instance in "ItemAdding" there is no item created yet). You can achieve this by adding an event handler to the list.
How do I create a different users category (more restrictive - with view only properties)?
How do I create a View - only for this category of users?
I need to group some users into a view only category and then assign only ONE view to this group, so they can not see everything that is in my list.
SharePoint, so far, does not give the option to restrict access at cell level so I need to go around this and create a view for this group, with the condition that all that they can see is this View (and they should not be able to add columns to this view).
Thanks.
Considering that you want to restrict the List View to only a specific set of users, you have the following options:
- Doing it in the SharePoint UI, but this is not suitable if you have lots of items and you want to do it for a SharePoint Group.
- Open Source - CodePlex. Good one, I have tried it - it has got exactly what you want: column level restriction.
- Third party, in case you feel like spending $ - seriously, I didn't try this tool.
- Another option to do it in the SharePoint UI - quick solution, but it won't prevent users from creating their own views.
As MSDN states, WriteSecurity has 1 of 3 possible states:
1 — All users can modify all items.
2 — Users can modify only items that they create.
4 — Users cannot modify any list item.
But what if I want behaviour no. 2 plus users being able to modify items that are assigned to them? Well, if I grant a user full permissions (put in owners group) for the list, then they can edit any item (not good). So why wouldn't it work to set item level permission "full control" just for the AssignedTo user (good)? I did, but that didn't help - access denied.
I want exactly the functionality as stated in question "Automatically set list item permission, after new item is created", quoting:
Every users (Supervisor and team members) can see any tasks.
Supervisors can edit any tasks
Team members can only edit their own tasks (tasks that were assigned to them, or created by them)
But although the answer has been accepted, the solution does not provide a way for users to edit items assigned to them or items created by the user.
Help is appreciated, thank you!
Your only way to do this is using Item-Based Permissions. E.g. have a Workflow or Event Handler change the permission on each file/object based on your requirements.
The solution you quote from the other task is simply setting 2 for SPList.WriteSecurity which still doesn't give users the possibility to edit something they have not created, but were assigned to - in this case you will need to give these users permission, e.g. by listening on the "Assigned To" field with an Event Handler (OnItemUpdated) and give the respective person the needed permission.
Furthermore the solution talks about just setting higher permissions for the users who should always be able to edit items (managers), which is a solution, but you do not have the granularity you usually want in situations like these.
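The event-handler approach described in the answers above (BreakRoleInheritance() plus a role assignment for the assigned user, run from the "-ed" events), as an added example that is not part of the original answers. It uses the SharePoint server object model; the class name, the `AssignedTo` field name, a single-user People column and the choice of granted role are assumptions.

```csharp
using System;
using Microsoft.SharePoint;

// Added example (not from the answers): item-level grant for the assigned user.
public class AssignedUserPermissionReceiver : SPItemEventReceiver
{
    // Assumption: field name of a single-user People and Groups column.
    private const string AssignedField = "AssignedTo";
    // Contributor lets the assignee edit; SPRoleType.Reader gives view-only access.
    private const SPRoleType GrantedRole = SPRoleType.Contributor;
    // true keeps the list's inherited assignments on the item (everyone who can
    // read the list still sees it); false drops them before the grant is added.
    private const bool KeepInherited = true;

    // Only the "-ed" events are used: the item exists by the time they run.
    public override void ItemAdded(SPItemEventProperties properties) { Apply(properties); }
    public override void ItemUpdated(SPItemEventProperties properties) { Apply(properties); }

    private static void Apply(SPItemEventProperties properties)
    {
        // The editing user normally cannot manage permissions, so elevate and
        // reopen the site; objects taken from 'properties' keep the user's identity.
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(properties.SiteId))
            using (SPWeb web = site.OpenWeb(properties.RelativeWebUrl))
            {
                SPListItem item = web.Lists[properties.ListId].GetItemById(properties.ListItemId);

                // Resolve the assignee first; User is null for a group value.
                object raw = item[AssignedField];
                SPUser assignee = raw == null
                    ? null
                    : new SPFieldUserValue(web, raw.ToString()).User;

                // Start again from the inherited state so a previous assignee's
                // grant does not survive reassignment. This also discards any
                // manually set item-level permissions.
                if (item.HasUniqueRoleAssignments) item.ResetRoleInheritance();
                item.BreakRoleInheritance(KeepInherited);
                if (assignee == null) return;   // unassigned: nothing to grant

                SPRoleAssignment grant = new SPRoleAssignment(assignee);
                grant.RoleDefinitionBindings.Add(web.RoleDefinitions.GetByType(GrantedRole));
                item.RoleAssignments.Add(grant);
            }
        });
    }
}
```

Every item handled this way carries its own permission set, which is the long-term performance cost the earlier answer mentions for large lists.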