Richard Frovarp wrote:

This did solve my problem. The resulting log out of the offending user isn't entirely desirable, but I probably can figure out how to disable that tab completely. This would probably be a good addition to the HowToDefaultPublicationUsefulChanges Wiki entry.


sure, please go ahead ;-)


Richard

Thomas Rammer wrote:

Michael Wechner wrote:

Richard Frovarp wrote:

Using 1.2.5-dev I have run into trouble with user permissions. I'm using the default publication.

It seems the only way to make it so a user can access the authoring side is to add them to a group with at least view permissions on the whole document tree.

The only permission the user now has is view to the whole tree due to the group they have been added to. They can't edit a page, submit a page, publish a page, or deactivate a page.

They can now, however, schedule jobs that don't appear to work. They can delete jobs scheduled by users that do have the right permissions. The real problem is the user has full access to update the AC Auth sections at will. They can promote themselves to be an editor or reviewer on any page they desire. This is obviously a major problem. How does one go about fixing this?





Have you changed these permissions through the GUI?

You might want to take a look at the actual ac files:

PUB/config/ac/permissions/...

and also the one for the usecases:

PUB/config/ac/usecase-policies.xml



Right - I think that's your problem in fact.

You have to specify the allowed role for the usecase named info-ac-authoring; if you don't specify it, all roles have access (as far as I know). To do so, try the following:

1.) In Authoring - rights Auth: assign the group admin to the role admin - if you don't do that first, you lock yourself out with the next step!

2.) Add the following line to lenya\pubs\<publication-name>\config\ac\usecase-policies.xml

<usecase id="info-ac-authoring"><role id="admin"/></usecase>

within the <usecases>   </usecases> tags.

Now you should be able to access the usecase as an admin - therefore guys just assigned "visit" won't be able to change the rights any more.


Also please be aware that policies are being inherited "down" the tree if one uses "subtree-policies" ...


HTH

Michi


Thank you,

Richard

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




best regards

Tom







--
Michael Wechner
Wyona      -   Open Source Content Management   -    Apache Lenya
http://www.wyona.com                      http://lenya.apache.org
[EMAIL PROTECTED]                        [EMAIL PROTECTED]
+41 44 272 91 61
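
Added example, not part of the original thread or of Lenya's own code: a small check a publication admin could run against usecase-policies.xml to confirm that info-ac-authoring is restricted to the admin role, as the reply above recommends. It assumes the file layout shown in the thread (`<usecase id>` elements with `<role id>` children inside `<usecases>`); the sample XML, the `example-edit` usecase and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples; only "info-ac-authoring" and "admin" come from the thread.
SAMPLE_BEFORE = """<usecases>
  <usecase id="example-edit"><role id="edit"/></usecase>
</usecases>"""

SAMPLE_AFTER = """<usecases>
  <usecase id="example-edit"><role id="edit"/></usecase>
  <usecase id="info-ac-authoring"><role id="admin"/></usecase>
</usecases>"""


def _local(tag):
    # Drop an XML namespace prefix such as "{uri}usecase" if the file uses one.
    return tag.rsplit("}", 1)[-1]


def usecase_roles(xml_text):
    """Map each usecase id to the set of role ids listed for it."""
    roles = {}
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "usecase" or el.get("id") is None:
            continue
        entry = roles.setdefault(el.get("id"), set())
        for child in el:
            if _local(child.tag) == "role" and child.get("id"):
                entry.add(child.get("id"))
    return roles


def audit(xml_text, sensitive, allowed):
    """Return {usecase id: finding} for sensitive usecases that are not
    limited to the allowed roles. A missing entry is reported because,
    per the thread, an unlisted usecase is open to every role."""
    roles = usecase_roles(xml_text)
    findings = {}
    for uid in sensitive:
        if uid not in roles:
            findings[uid] = "no entry"
        elif not roles[uid]:
            findings[uid] = "entry without roles"
        elif roles[uid] - allowed:
            extra = sorted(roles[uid] - allowed)
            findings[uid] = "extra roles: " + ", ".join(extra)
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_BEFORE, ["info-ac-authoring"], {"admin"}))
    print(audit(SAMPLE_AFTER, ["info-ac-authoring"], {"admin"}))
```

Running it before and after the edit to the policy file shows whether the change actually closed the gap; the list of sensitive usecase ids can be extended with whatever the publication defines.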

