Hi Curtis and Tony, Thanks for the advice.
Curtis: I think you're right, and now I understand the way Auth Packages work a bit better - the "Link" section rules apply to all the structural links off the page - so Create Page etc... So this seemed to do what I want when I denied all but Read access in the Links section the Manage List reddots was not allowing access - excellent. On the other hand tho, we use a Create Page plugin that Reddot helped us setup and that seems to get around the authorizations and can still create the page... We could just look at removing that from pages were we don't want 'normal' users to create. Tony: Good advice, we should look at doing that. Only problem is we have a lot of users contributing to our site and may take a while to determine where we want to allow access. At the moment, in our case it's easier just to prevent access where users are causing us trouble. Thanks again folks - I'll get this sorted one of these days! Cheers, Chris. On 16 December 2011 19:24, Tony Gayter <[email protected]> wrote: > Also best practice woudl really be deny all editing globally (just allow > read) and then allow options in auth packages rather than deny, that way it > catches everything. > > On 16 December 2011 19:06, Kimball, Curtis <[email protected]> wrote: > >> Not positive, but I think you need to attach it up one level >> If you attach an auth package to the list it will apply to all pages on >> the list, but NOT to the page with the list itself. >> >> -Curtis >> >> Curtis Kimball >> Director >> Web Services >> Southern New Hampshire University >> >> SNHU.edu >> 603.314.1477 >> >> >> >> >> On 12/16/11 12:35 PM, "ChrisJ" <[email protected]> wrote: >> >> >Hi all, >> > >> >I've been trying for most of the day but I can't get something that I >> >think should be simple to work: create an autorization package that >> >prevents users in a specific group from creating pages on a list >> >element. >> > >> >I've created an Authorization Package attached to a specific list on a >> >page. For the group I want to ban, I've setup autorizations them with >> >"Links: Create Page - Deny ticked" (also connect page, delete page, >> >etc...). However, I can still in SmartEdit, open the list and Create >> >and Connect Page with a user from that group only (they can also >> >Connect and Delete, which were the others that I Deny'd). >> > >> >Is there something I'm doing wrong? Had anyone else got this working? >> > >> >The Auth package is connected just under the list element. >> > >> >Any help is much appreciated as I think I'm going a bit mad now! >> > >> >Cheers, >> >Chris. >> > >> >-- >> >You received this message because you are subscribed to the Google Groups >> >"RedDot CMS Users" group. >> >To post to this group, send email to [email protected]. >> >To unsubscribe from this group, send email to >> >[email protected]. >> >For more options, visit this group at >> >http://groups.google.com/group/reddot-cms-users?hl=en. >> > >> >> >> Please consider the environment before printing this e-mail. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "RedDot CMS Users" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/reddot-cms-users?hl=en. >> >> > -- > You received this message because you are subscribed to the Google Groups > "RedDot CMS Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/reddot-cms-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "RedDot CMS Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/reddot-cms-users?hl=en.
