Michael Wechner schrieb:
Richard Frovarp wrote:
Using 1.2.5-dev I have ran into trouble with user permissions. I'm
using the default publication.
It seems the only way to make it so a user can access the authoring
side is to add them to a group with at least view permissions on the
whole document tree.
The only permission the user now has is view to the whole tree due to
the group they have been added to. They can't edit a page, submit a
page, publish a page, or deactivate a page.
They can now however schedule jobs that don't appear to work. They
can delete jobs scheduled by users that do have the right
permissions. The real problem is the user has full access to update
the AC Auth sections at will. They can promote themself to be an
editor or reviewer on any page they desire. This is obviously a major
problem. How does one go about fixing this?
have you changed these permission throught the GUI?
You might want to take a look at the actual ac files:
PUB/config/ac/permissions/...
and also the one for the usecases:
PUB/config/ac/usecase-policies.xml
right - I think thats your problem in fact.
You have to specify the allowed role for the usecase named
info-ac-authoring, if you don't specify it all roles have access (as far
as I know). To do so try the following:
1.) in Authoring - rights Auth:
assign the group admin to the role admin - if you don't do that first
you lock out yourself with the next step!
2.) Add the following line to
lenya\pubs\<publication-name>\config\ac\usecase-policies.xml
<usecase id="info-ac-authoring"><role id="admin"/></usecase>
within the <usecases> </usecases> tags.
now you should be able to access the usecase as an admin - therefore
guys just assigned "visit" won't be able to change the rights any more.
Also please be aware that policies are being inherited "down" the tree
if one uses "subtree-policies" ...
HTH
Michi
Thank you,
Richard
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
best regards
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
