We are facing issue with non- admin user of sitecore.The admin user of sitecore can see all language which is there in Sitecore->System->Language, we have total 12 language there.
When we create user who is Sitecore client author and publisher and acess any content item then we only see 4 languages(i.e. en,en-gb,RU,ar-AE).
In Accessviewer we have given "Read,Write,Language:Read and Language:Write" permission on all the language except two but as I said I can see only four language after clicking on language button in popup and even for publishing also from non admin user I can see only these four languages. Let me know if I am missing any thing in configuration for content editor
I was reading this blog article and it said the following:
If you do not apply any permissions to a language then all members have write access.
My users have now write access to one language only (or several languages if they a members of more than one language role). But they do not have write access to any content. This is done using trivial Sitecore security on the content. I use the Editor role for setting up read/write access to the content itself:
In his article his users have permissions the same roles, and similarly language restrictions. However it seems you need to explicitly go through content they should be able to edit also and give them permissions for that content.
Worth trying.
Related
Unfortunately I have a problem with an Forum Based on Domino FP9 Server. Several pages are created with the framework/language xpages. I have created a group and also a category. But the user is unable to get access the content.
My question is: How I can implement the right to an Group inside HCL Admin or Designer to read content on an Page?
Kind Regards
Okan
Access is granted via the Access Control List of the application. In HCL Notes Administrator, find the application on the Files Tab. Right-click and choose Access Control > Manage. IMPORTANT - DO NOT choose Manage Directory ACL in error.
In the dialog that opens up, you should be able to add groups/individuals with appropriate levels of access.
Not exactly sure what the problem is.... i.e. what it has to do with HCL Admin or Designer to do?
However, security in an XPage is exactly the same as with everything else Notes/Domino - so you can use that knowledge to control access rights.
A group in reality works like a single person in terms of access. So you can use it in the ACL of a database and/or in Readers/Authors fields (to control access to specific documents).
If you want to control functions or layout inside your application then I would suggest using Roles as these give an extra abstraction layer and are way easier to use in e.g. hide-when formulas inside your code. And then you just assign the role to a group or person in the ACL of the database.
Remember to set the right type of the entry in the ACL (e.g. Persons for a group that contain persons) - otherwise you can have issues where the server will not grant the expected access ;-)
I have set up a new role in my Sitecore 8 (update 3) instance and have assigned the following roles to it (as well as giving read/write access to my content tree):
sitecore\Sitecore Client Translating
sitecore\Sitecore Client Users
sitecore\Sitecore Client Authoring
sitecore\Sitecore Client Designing
When logged in and using the Content Editor, I can change language ok. When I change language in the Page Editor Experience Editor however, (using Experience > Language menu item) I get a 404 error. If I clear the URL in the browser to the root (hostname) the language appears to have been changed.
Edit: Additional Information
It's worth noting that:
The solution does not use translated items. We have a separate content tree (within a single instance) for each site/language.
The linkManager is configured to use DisplayName for the URL.
Please share the snapshot of your new content tree structure and link manager config settings if possible. Meanwhile, can you please revert link manager settings and check if it works fine? Also use firebug net tab with persist to see the URLs requested while click on second language.
Also, please check following cookies values if updated your-site-name#lang:-
website#lang
here webiste is name of default sitecore site
Moreover, when your Experience Editor is loaded, just to make sure, click on default language from language menu to see if it works even for default language.
As said keep your firebug open with persist and keep eye on net tab with all to see if any resource request having 404.
I'm trying to map some infoboxes from Wikipedia to the DBpedia ontology.
According to http://mappings.dbpedia.org/index.php/How_to_edit_the_DBpedia_Ontology
But I don't have permission to edit the ontology, nor the wiki pages, although I created an account.
How to get permissions?
You need editor rights, next to your user account.
The procedure to get to start mapping is on the Main page of the Mappings wiki:
Prerequisites
If you would like to edit the mappings or ontology schema this is what you need:
a user account on this wiki (login/sign up)
editor rights
they will be given to you within a couple of days
if not, please ask for editor rights at dbpedia-discussion#lists.sourceforge.net. Include your user name in the message.
once you got editor rights, please provide some information about yourself on your user wiki page
a namespace for the language you want to write mappings for
if the namespace does not exist already (see the left side bar) please request it at dbpedia-discussion#lists.sourceforge.net
(Edit: added core point to answer.)
I have only recently started using Liferay 6.0. I have downloaded liferay-portal-tomcat-6.0.4_1 community edition.
First of all can you please recommend me some website and books or articles for Liferay 6.0? (The ones available on the Internet are for earlier versions...)
Secondly. I don' t seem to get the structure of Liferay. For example, how do organisation, communities, users, pages all fit in together?
Lastly, could you tell me how I could make a link on a page to point to a directory on the file system at the local machine of the user?
Thanks.
To work through Liferay internals is really tough but it's not impossible. There's no main source of documentation and people has to google around and forget things very easily without possibility to get back to the original source...
Organizations can form hierarchies as real organizations would.
Communities has similar role as organizations but from a different point of view.
The main difference consists in :
persistence - persists in time in
contrast to communities which appears
and disappears
administration - users “belong”
to an organization which means that
the the admin of an organization is
able to edit his profile. On the other
hand users “join” a community which
means that the community admin can
only manage the membership.
Relationship - organizations can
form a hierarchy while communities are
independent of each other
membership - users “must” belong
to an organization while joining a
community is optional
User groups - Unlike organizations and locations, user groups have no context associated with them. They are purely a convenience grouping that aids administrators in assigning permissions and roles to a group of users instead of individual users or assigning a group of users to a community.
Roles define permissions across the portal, an organization or across a community. There are functions like creation of a thread in a discussion forum. Problem is that there are forums across scopes like community, organization or the entire portal. So that portal role grants access to creation of a new thread in each and every discussion forum and community role just within a particular community.
I'm also a Liferay newbie but here's the general structure of Liferay in case someone is interested.
Organizations are a portal administrator mandated hierarchy. Organizations may have sub organizations that are administered by organization administrators in each organization. Each organization can have it's own pages.
Communities are like organizations but can't have sub communities and non-administrator users may be allowed to create them. Each community can have it's own pages.
Users are registered users who may have their own pages and may belong to any number of organizations and/or communities.
Pages are web pages that users with certain permissions can edit simply by selecting a predefined layout and adding/removing portlets and sub-pages.
Portlet is a web application that usually "runs" as part of a page in it's own window like container.
can you please recommend me some website and books or articles for Liferay 6.0?
Our liferay tag is a good place to start with. It contains all the relevant information about some useful websites and also some good books suggestion. And it is continually being updated.
I don' t seem to get the structure of Liferay. For example, how do organisation, communities, users, pages all fit in together?
Unlike for previous versions, the user-guide is really a good place to know some basic administration concepts like these.
could you tell me how I could make a link on a page to point to a directory on the file system at the local machine of the user?
I don't know exactly what you want or what is the requirement to do this, but giving <input type="file" /> would open the file browser to select a file or else you can use flash to achieve this or construct a link like Click to pen local folder - but this only works for windows and it opens the folder structure inside the browser itself and with IE it opens the Windows explorer.
Now, you can access Liferay documentation to learn more about liferay. Starting from v6.1 there are no communities. Now it has organizations and sites.
As far as I know, currently there is only one book for Liferay 6, from Jonas Yuan:
http://www.liferay.com/web/jonas.yuan/blog/-/blogs/liferay-book:-liferay-portal-6-enterprise-intranets
On the "My site" feature of Sharepoint there is a "memberships" Web part that shows the distribution list that the user is a member of.
This is picking up several groups that we would rather not be shown e.g. some that have been set up for administrative purposes only.
Is there any way to control which groups are shown; ideally this would be using another AD group and setting that only members of this group are shown.
I'm fairly sure this won't be possible without a custom web part that is deployed instead of the official part. The reason the Exchange solution doesn't work is because it's going the wrong way (from group to member instead of member to group).
To deploy it you can look at feature stapling... you would need to update the existing sites as well.
This is not an easy answer. I don't believe there is an easy answer.
The best solution would be to set a Deny Access Right for the distribution lists in Active Directory; follow these steps:
1) Open Active Directory Users & Computers as an admin (any user with access to creating groups and modify distribution list security settings).
2) Go to the View menu and make sure that there's a check-box next to Advanced Features.
Create a new security group in Active Directory (call it HideFromSharePoint or something) and add the SharePoint Content Access account (in my case DOMAIN\sa_spcontent) to that group (has to match the account used in step 4).
3) For all of the distribution lists that you don't want to show up in SharePoint do the following:
3a) Open the distribution list and select the Security tab (Advanced Features must be checked for this tab to be shown).
3b) Click on Add and type in the name of the security group that you created in step 3 (HideFromSharePoint); click Check Names and click Ok.
3c) Under Permissions for HideFromSharePoint; check the Deny box next to Read (it's set to Allow by default) and click Ok and Ok again at the prompt.
You've just denied any members of the HideFromSharePoint group read access to the distribution list.
4) Go to SharePoint Central Administration; SharedServices1; User Profiles and Properties; Configure Profile Import and under Specify Account enter the credentials of the account that you added to the HideFromSharePoint-group in step 3. (For some reason if you leave this to using the Default Content Access account SharePoint will use some other account to access Active Directory and thereby being allowed access to the distribution lists. You could experiment with adding other SharePoint service accounts to the HideFromSharePoint group but I think it's safer to specify an account explicitly so that you know which account is accessing AD and importing the data.) Also make sure the "Import Connection" for your Active Directory is set to "Use Default Account" (thereby "inheriting" the account used for Profile Imports).
5) Go to SharePoint Central Administration; SharedServices1; User Profiles and Properties and click on Start full import. (You can't do an incremental import because nothing has changed for the users in terms of group membership; it's just the access rights that have changed.) After completion of the full import (click Refresh until "Import time:" says "Started full import at 11/25/2009 ##:## AM - Ended import at 11/25/2009 ##:## AM")
The distribution lists should now no longer show up under Memberships.
A couple of things to note:
You have to set the Deny Access Right explicitly and individually on all of the distribution lists that you don't want showing up in SharePoint. That's because the special AD-group "Authenticated Users" has read access to every object in the directory by default and explicit Allow Access Rights trump Deny Access Rights set (for example) at the organizational unit level.
While you could skip the step of setting up the HideFromSharePoint-group and set the Deny Access Right directory for the SharePoint Content Access account Active Directory administration best practices is to use a group when configuring security permissions. (Then you can add additional members to that group and have those denied read access too.)
You might have to wait a while (5+ minutes or so) between setting the the Deny Access Rights for the changes to replicate to all of you domain controllers. Otherwise the import might read from a domain controller where the Deny hasn't yet come into effect.
Be careful adding any other accounts to the HideFromSharePoint-group because this might break your distribution lists. For example; if Exchange can't read the groups mail won't work. As long as you just add the SharePoint Content Access Account you're safe.
Also (and this has nothing to do with SharePoint or the solution above) be aware that any user in your domain can fire up ADUC or a LDAP tool and see the members of your distribution lists that way. If you have anything "Top Secret" you need to experiment further with setting access controls in Active Directory.
I assume that your "memberships" web part is using the SharePoint people picker functionality internally.
If that's the case, then the following stsadm command should help you scope your AD lookup the way you want it:
stsadm -o setsiteuseraccountdirectorypath -path <name of OU> -url <URL name>
You could try editing the Distribution List on the Exchange Advanced tab, selecting the "Hide group from Exchange Address lists" check box.
I have not tested this but in theory it would stop the Distribution List from appearing the the list of groups.
Easy fix: add a JavaScript to the page on which those appear that targets and then hides the specific items by applying a CSS style.
I don't have an exact answer, but here's how I would think through the problem. Perhaps you have already answered some of these questions, but it might help to go through them again. I would look at the questions in the following order:
Is there an option in Active Directory to hide a group from SharePoint? (sounds like no)
Is there an option in SharePoint administration (either through stsadm or the actual administration site) to exclude certain users or groups in AD from SharePoint?
Is there a way to configure the web part to exclude certain users or groups from the web part itself?
Is the source code to the web part available such that you can compile the web part to exclude certain groups in the list?
Can you use javascript (as Josh mentioned) in conjunction with the webpart to hide the Distribution Lists from the webpart? (Here's a site with an example of how to use JavaScript to Hide SharePoint's Quick-Launch bar. Maybe that will help).
Those questions are in order from the widest scope and easiest to implement to the narrowest scope that is more difficult to implement. Obviously, you'd like to implement a solution that is easiest to implement, but perhaps you find yourself farther down in the list.
In the last two examples, the solution may appear quite complex, but you may be able to write code that references an XML file of sites to exclude. That way, if your list of Distribution Lists changes, all you have to do is edit the XML file and not edit the source code (of either the javascript or the webpart).
If there's not a simple solution, you'd have to make the painful choice of either 1) letting the problem remain or 2) implementing a hack that adds a dependency to your solution.
I think Distribution Groups that aren't security enabled don't show up in SharePoint. Have you checked AD to see if these groups are security enabled? This may be only for permissions purposes, so I could be wrong.
You will probably need to do a profile import before you see any changes.
You can turn off Distribution Lists entirely, which is what we are doing at my company. This is done by going to the Profile Services Policies in the SSP and disabling the Distribution List feature.
Now if you want to pick and choose the Distribution Lists, it's not that simple, but hopefully this will help someone.