+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / 5.0 SE - Permissions on Image Libraries and Manage Image Libraries

5.0 SE - Permissions on Image Libraries and Manage Image Libraries

8 posts, 0 answered
  1. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    23 Mar 2012
    Link to this post
    How to create Image Libraries special for one Role. Restrict access for all other libraries?

    I have created a role 'MyRole'
    I created a user 'MyUser' who can access the backen and is in role 'MyRole'
    --------------
    As Administrator I created a image library 'MyRoleImages' and granted permission to 'MyRole'
    --------------
    Logged-in in as 'MyUser' I will not see the Content - Images option
    --------------
    Logged-in as Admin i granted Adminstration - Permissions - Rights to Image Libraries for 'MyRole'
    ----------
    Logged-in as 'MyUser' I now have the option Content - Images

    However two problems

    1) it seem the 'MyUser' in 'MyRole' can manage all albums
    a) wrong settings or would I have to remove premissions for 'MyRole' from all other and futur libraries (used to be like this for pages in 4.0)

    2) as 'MyUser' I can see the link Manage ImageLibraries but when clicked get an 404 error this kind of pages not served. 

    Markus

    Server Error in '/' Application.

    This type of page is not served.

    Description: The type of page you have requested is not served because it has been explicitly forbidden. Please review the URL below and make sure that it is spelled correctly.

    Requested URL: /Sitefinity/Content/Images/Albums


    Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.272

  2. Grace Hallwachs
    Grace Hallwachs avatar
    144 posts
    Registered:
    03 Nov 2014
    28 Mar 2012
    Link to this post
    Hello,

    I was able to reproduce this issue. The issue comes from the permissions not set correctly for the Images and Image libraries. I logged on as the Adminstrator, went to Adminstration >> selected permissions for "MyRole" >> then changed the permissions to allow for "Image" and "Album" sections. Then I logged out and logged back in as MyUser and clicked on Content >> Images and was able to view the album and the pictures within the album.

    When setting permissions there are a couple things to remember about setting permissions:

    1. Make sure that the user has appropriate permissions depending on the provider- at last View permission for a given page.

    2. Make sure that the user's role does not inherit permissions from another role that has deny set fro "View" right. Deny has higher priority than Allow.

    Please let us know if you have anymore questions.

    Regards,
    Grace Hallwachs
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    29 Mar 2012
    Link to this post
    Dear Grace

    Thank's for the feedback, also on my support ticket.

    I was fearing this answer. To me this very very bad.

    When I grant a role access to see libraries this role gets automatically added to the default users who can manipulate libraries.

    Imagine when you have a 20 libraries and you want now a new user/role to have access to one libarary only.

    a) you need to give that role permission so see libaries
    b) you then have to deny his access in all other 19 libaries - meaning at the moment you have to break inheritance of this 19 libaries

    What about future libaries. As soon as an admin opens a new libary he probably has to rember to revoke the rights for the one user/group!

    This is simply bad.

    Feature Request: When granting a user/role access to see/manage libaries the user/role should not automatically be added to the default settings but should only be able to see work on the libaries access was granted for.

    Bottom line. Libraries access should work now like page (this was fixed also) Granting is the word not denying!

    Markus
  4. Grace Hallwachs
    Grace Hallwachs avatar
    144 posts
    Registered:
    03 Nov 2014
    03 Apr 2012
    Link to this post
    Hi,

    I have submitted a feature request on your behalf. You can follow its progress in PITS and vote for its popularity.

    Kind regards,
    Grace Hallwachs
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    03 Apr 2012
    Link to this post
    Dear Grace thanks a lot.

    I think you have perfectly described the problem: When granting a user/role access to see/manage libraries the user/role should not automatically be added to the default settings but should only be able to see work on the libraries access was granted for.

    Now I just hope may will vote for it and that we will see a fixe behavior in 5.2

    Thank's again
    Markus
  6. Grace Hallwachs
    Grace Hallwachs avatar
    144 posts
    Registered:
    03 Nov 2014
    04 Apr 2012
    Link to this post
    Hi,

    Please let us know if you have anymore questions or concerns.

    Regards,
    Grace Hallwachs
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  7. Laura
    Laura avatar
    311 posts
    Registered:
    25 Feb 2008
    17 Feb 2013 in reply to Grace Hallwachs
    Link to this post

    This hasn't been fixed, has it.  I see that for the Documents and Files (or any tab) to show up you have to grant access to either Create New Or Manage All. 

    Then what?  Go through each library and override the setting for the one you don't want the role to access?   

    Usually our clients aren't this granular but we now have a client with extensive role based editing rights down to one role can only edit a single particular file. I've spent way too much time on his already.

    Sitefinity - you may have taken a few steps forward with the permissions but you also took a leap backwards...  :(

    I am hoping i am just overlooking something obvious!

  8. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    18 Feb 2013 in reply to Laura
    Link to this post

    Dear Laura

    I sure hope this will make it to 5.5 or next version. 

    Markus

8 posts, 0 answered