I've create a role and added to it read, write and create permissions inside the folder /Sitecore/System/Aliases for users that need to create or edit aliases to web pages. However, when editing those permissions, the security editor shows the System folder grayed out and i can't set it to read. When i log as an user with this role, i cannot navigate to the alias folder
What permissions/role do i need to add to this role in order that it can access the Aliases folder?
I'm working with sitecore 6.5.0
The System item is Protected by default, so you'll need to log in as the root admin and Un-protect it before making those changes. Once you make the changes though, I recommend you protect it again.
The System Folder should remain protected and only accessible to Admins and Developers IMHO. For controlling access to creating Aliases, you should control the Alias menu item in the presentation ribbon instead. To do this, deny access to the following chunk in the CORE DB for the given Role...
/sitecore/content/Applications/Content Editor/Ribbons/Chunks/Page Urls
Related
Unfortunately I have a problem with an Forum Based on Domino FP9 Server. Several pages are created with the framework/language xpages. I have created a group and also a category. But the user is unable to get access the content.
My question is: How I can implement the right to an Group inside HCL Admin or Designer to read content on an Page?
Kind Regards
Okan
Access is granted via the Access Control List of the application. In HCL Notes Administrator, find the application on the Files Tab. Right-click and choose Access Control > Manage. IMPORTANT - DO NOT choose Manage Directory ACL in error.
In the dialog that opens up, you should be able to add groups/individuals with appropriate levels of access.
Not exactly sure what the problem is.... i.e. what it has to do with HCL Admin or Designer to do?
However, security in an XPage is exactly the same as with everything else Notes/Domino - so you can use that knowledge to control access rights.
A group in reality works like a single person in terms of access. So you can use it in the ACL of a database and/or in Readers/Authors fields (to control access to specific documents).
If you want to control functions or layout inside your application then I would suggest using Roles as these give an extra abstraction layer and are way easier to use in e.g. hide-when formulas inside your code. And then you just assign the role to a group or person in the ACL of the database.
Remember to set the right type of the entry in the ACL (e.g. Persons for a group that contain persons) - otherwise you can have issues where the server will not grant the expected access ;-)
Currently i generated excel file from TFS 2013.
I want to disable editing this file for some specific users.
I tried to add these users in the group Reader only, but they can modify the excel file then publish it.
On the other side, i want to give them the ability to refresh the excel file and get the latest status.
By "publish" I assume you mean the Check In permission. Readers don't have an explicit Deny on Check In by default, so you may find that people who can still Check In are members of another group with permissions. The usual group being the Contributors group.
To force the matter you can go to the file in question in Source Control Explorer, right click it and select Advanced -> Security and then explicitly set the Reader group to Deny for the Check In right.
I assume that you mean "publishing work items". If you do then people in the readers group will not be able to publish unless they also have contributed rights. So while they can click "publish" they will not be able to make changes on TFS, and they will be able to refresh.
I'm trying to find what is the permission security for allowing visibility of the Alias function in the Presentation tab ribbon.
For the user in question i've browsed to the core database, and under Access viewer, i'm looking that all the items under Applications/Content Editor have read-enabled permissions, specifically the item /sitecore/content/Applications/Content Editor/Ribbons/Strips/Presentation/Page Urls as well as /sitecore/content/Applications/Content Editor/Ribbons/Chunks/Page Urls are read-enabled
However, when login as this user there is no presentation tab.
I've tried resetting the cache and still nothing changes. I'm using sitecore 6.5.0
I think you are almost there, but you still need to give the user sufficient access to the /sitecore/system/Aliases item.
Create a new role(or use an existent one), for example sitecore\Sitecore Client Aliases. Use this role to add the following permissions.
Switch to the Core database and allow Read permission for the /sitecore/content/Applications/Content Editor/Ribbons/Chunks/Page Urls item and its descendants
Switch to the Master database and unprotect the /sitecore/system/Aliases item by using the Unprotect Item checkbox in the Configuration tab.
Allow Read, Write, Create permissions for the /sitecore/system/Aliases item and Read, Write, Create, Delete permissions for its descendants.
Protect the /sitecore/system/Aliases item back.
Add user to the sitecore\Sitecore Client Aliases role.
Found here: http://wiki.evident.nl/Sitecore%20alias%20role.ashx
The easiest way to enable the presentation tab is to use a sitecore standard role.
I'm not totaly sure but i asume it was sitecore\Sitecore Client Designing.
And as far as i know you have to use those standard roles to enable access to certain chunks.
Try using the Access Viewer for the user which doesn't see the Alias Tab. You can manually switch to the core database and then click on the different tabs with the specified user / role to see what causes this behavior. Most of the times you will find out that some role / restriction was set to a higher level item dat denies read rights.
Let me be a little more specific.
I'm working on a web app that provides management of documents and we need to apply security settings to the folders and documents. The folder structure exists entirely in the app (so there is no folder structure on a disk anywhere).
Now, assume that I have a folder structure like this ...
root
-- DirA
---- DirA1
-- DirB
----DirB1
If this were windows, and a user had rights to change the security settings on all folders in the structure except DirA and opted to make a change to root and all its children, what folders would be effected?
My gut feeling is root, DirB and DirB1 but I'm not sure.
The point is, I want to duplicate the functionality - in terms how /how/ settings are applied - to my app. So, I'm just looking for a simple explanation.
--
Simple of Grantham
When you to set security rights for a user/group in Windows, you also specify whether those rights are inherited to all subfolders. So, if you give the user the right to modify rights in root, you would have to make those rights non-inheritable or they could modify DirA as well. However, Windows doesn't grant rights to modify security settings for a folder unless the user has "Full Control" over that folder. I believe this means that if the user has full control to root, he could delete DirA and add a new DirA, with whatever rights he chooses. To get a better feel for how directory rights work, right-click on various folder icons in Windows XP, choose Properties, then select the Security tab. Study this pane, and then click on the Advanced button to see how rights are inherited. By clicking on the various buttons you will see that by selecting certain rights, such as Full Control or Modify, all other rights are automatically included.
I have a document structure where I would like to grant read-only permission to specific group on a sub folder within a document library.
I am using SharePoint 2007
For example:
Folder : Business <--- Document Library under business I have two sub folder.
---> 2009 --> Sub Folder --> store all docs
-----> 2010 --> Sub Folder --> store all docs
Now, I have two groups: Group A, Group B. I would like to grant read-only permission for the 2009 folder to Group A and grant read-only permission for the 2010 folder to Group B. I want to make sure Group A people cannot access the documents under the 2010 folder and vice versa.
I have tried to setup a target audience on Business folder. But I am unable to find a way to setup permissions on the sub folder level. Please let me know how can I achieve this.
This is just configuration:
In the document library, hover the mouse over the folder to see the drop down menu.
Activate the drop down menu by pressing the down arrow
Choose Manage Permissions
Click the Actions menu and choose Edit permissions. Confirm that you want to break inheritance of permissions from the parent.
Edit the permissions as required.
Obviously, you need to be logged in as someone who can change permissions (a site owner or similar) to be able to do this.
If you need a way of progamatically doing this you can modify this script to suite your needs: powershell-to-get-a-list-of-all-folders-in-downloads-pivots
I suggest creating groups for each folder you want to set permissions and then put the people in there. If manual is all you need, then Chris' soulution is perfect :)