+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / custom role permission bug

custom role permission bug

22 posts, 0 answered
  1. Jaime
    Jaime avatar
    28 posts
    Registered:
    01 Mar 2010
    29 Apr 2011
    Link to this post
    I'm having trouble with permission for users in custom roles. I'm also having a hard time finding this issue listed in previous threads.

    These are the steps I went through.

    1. Create a new role and give this role full permissions for pages.
    2. Create a new user for this role.
    3. Create a page or collection of pages that only admins and this new role will have permission to. This new role will only have access to this section of pages. Therefore, I have to break inheritance on these pages to give this role permissions on this section only and no other page. In the "Permissions for all pages" this role is not added to any permissions, but on the individual pages it is.
    4. Give this role View permissions on the backend "pages" so this new role can see the pages menu when logged in. Oh, and I also gave this role backend permission.

    After logging in with this new user, the pages tab/menu is not visible. It can't edit or see any page.

    Furthermore, I went back in as an admin and added permissions for this custom role on the "permissions for all pages". I just gave this new role permission to edit content. I logged in again and could see the pages section. I could edit and publish on the pages I gave specific permission to (broken inheritance ones) but on the other pages I tried to publish some changes and it said I wasn't allowed to. That means those pages I didn't break inheritance didn't truly inherit permissions when I gave them content editing permissions globally.

    So, am I doing something wrong or is this a bug? I need custom roles (lots of them) that have access to their specific pages and content. Now what?
  2. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    09 Dec 2016
    02 May 2011
    Link to this post
    Hi Jaime,

    Please excuse us for the inconvenience this issue might be causing. We have registered this behavior as a bug with permissions not applying correctly for custom roles. You can track the bug status and vote for it in PITS on this public URL. We'll be working on providing a timely fix for this problem. in the meantime, as a possible workaround, you can use the default roles, which should work without any problems.

    Greetings,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    10 May 2011
    Link to this post
    I did not find where I can give a user access to see the main Menu 'Pages'

    This is what I did:

    Created Role 'DoesOnlyGroup'
    Created user 'JohnDoe' in Role 'DoesOnlyGroup'


    Create 10 Page with standard roles
    Create 1 Page and break inheritance and give 'DoesOnlyGroup' also access.

    Now when loggin in as JohnDoe I can not see any pages?

    Or am I missing somewhere how to set permission to the pages. I looked at the roles section and did set as much views as I can (images, ImageGalleries and stuff) but they dont appear under Main Menu either (only Newsletter Beta)

    Is this related to this bug, or am I missing something?

    Markus
  4. Antoaneta
    Antoaneta avatar
    258 posts
    Registered:
    02 Nov 2015
    10 May 2011
    Link to this post
    Hi Markus,

    To make the Pages menu visible for the selected users you need to go to "Permissions for all pages" (see attached) and then give modify permissions to the specific role or user.  

    The Pages link will become visible in the menu and all pages will become accessible. If you want to deny access to some of the pages you can do this separately for every page from its permissions menu.

    Best wishes,
    Antoaneta
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    10 May 2011
    Link to this post
    Dear Antoaneta

    So what you tell me is that

    I have to grant access to the role 'DoesOnlyGroup' to all 10 pages and then remove them from 9 pages.

    I was under the impression I could simply grant the role 'DoesOnlyGroup' access to 1 page where he should have access. Thats why I can break permissions, not?

    So I ask the question again. Could this be a bug?

    Try make a fresh 4.1 project

    Create 2 users (one admin, one in a new group called 'DoesOnlyGroup'

    Create 10 pages
    Take permissions for one page and grant access for this 1 page only to 'DoesOnlyGroup'

    Log in as user with this group and see if it works.

    Markus
  6. Jaime
    Jaime avatar
    28 posts
    Registered:
    01 Mar 2010
    10 May 2011
    Link to this post
    Markus,

    Don't waste your time. Custom roles as you described don't work.

    You can try to test your scenario using two different standard roles to test you understanding of permissions. If it doesn't work you might have missed a step.

    Good luck,
    Jaime
  7. Tom
    Tom avatar
    37 posts
    Registered:
    26 Apr 2006
    10 May 2011
    Link to this post
    See my post here for more information that might be of assistance related to this topic. The latest internal build 4.1.1367, (to be included in the SP due out soon), addresses some of this, but I still have some concerns which I discuss in the other post.
  8. Laura
    Laura avatar
    311 posts
    Registered:
    25 Feb 2008
    12 May 2011
    Link to this post
    Boy, I really regret day by day for putting our client on 4.0 prematurely.  Learning every day about things that just don't work. Don't even know what to tell our client anymore.   I think Telerik definitely jumped the gun on this one.  I know when the bugs are mostly worked out it will be an amazing product but for those of us who took the leap of faith are paying for it severely with the clients! At least in 3.7 I knew how to do the workarounds...  now it is a completely different beast!
  9. Antoaneta
    Antoaneta avatar
    258 posts
    Registered:
    02 Nov 2015
    13 May 2011
    Link to this post
    Hello,

    Thank you all for participating in this discussion

    As you have already discovered there are few problems related to custom roles and permissions. The process of assigning permissions is very time consuming (but it at least it is working). We will do our best to fix these problems as soon as possible.

    We have also logged this issue in PITS where you can go and vote for it. The ID is 5966

    Best wishes,
    Antoaneta
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  10. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    13 May 2011
    Link to this post
    Dear Antoanetta

    I was under the impression that cutom roles would be working after the expected release of 4.1 SP1? An I wrong? The status in PITS is still open.

    If custom roles wont work after the SP1 expected today - then I really start to worrie.

    Markus
  11. Tom
    Tom avatar
    37 posts
    Registered:
    26 Apr 2006
    13 May 2011
    Link to this post
    Thank You,

    Everyone, please vote on these related issues: 5965 and 5966.

    Tom
  12. Antoaneta
    Antoaneta avatar
    258 posts
    Registered:
    02 Nov 2015
    13 May 2011
    Link to this post
    Hi Markus,

    Custom roles are currently working and you can create your own role with specific permissions.
    The problem is that assigning permissions is a hard and time-consuming procedure, because for some very simple settings you will need to make several additional steps.

    Best wishes,
    Antoaneta
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  13. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    13 May 2011
    Link to this post
    Hi Markus,

    Custom roles are currently working and you can create your own role with specific permissions.
    The problem is that assigning permissions is a hard and time-consuming procedure, because for some very simple settings you will need to make several additional steps.

    Best wishes,
    Radoslav Georgiev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  14. Laura
    Laura avatar
    311 posts
    Registered:
    25 Feb 2008
    13 May 2011
    Link to this post
    That is great if only we could upgrade to 4.1 which we can't as there are problems!
  15. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    13 May 2011
    Link to this post
    Dear Radoslav

    Just to make things clear

    I have a custom role calle "RestrictedAccess"

    I create pages

    page1
    page2
    page3
    page4
    page5

    The role "RestrictedAccess" should have Access to page5 only.

    Expected
    Break permission and grand role RestrictedAcess access to page5

    What I hear from Telerik
    Grand acces for role "RestirctedAccess" to ALL pages
    Break permission on every other page (1-4) and remove role "RestrictedAccess"

    Is that true?

    If yes. Would every user who creates a new page have to remember to remove role "RestircedAccess" from the newly created page?

    What if the user who created that page has no rights to remove roles?

    Markus
  16. Tom
    Tom avatar
    37 posts
    Registered:
    26 Apr 2006
    13 May 2011
    Link to this post
    Markus,

    Sounds like you are interpreting things correctly and you make a very good point about users not having access to remove roles.

    Internal build (4.1.1367), was supposed to contain the permissions fix to be rolled into SP1. In this internal build, granting "Modify Pages" to all pages did not really grant modify pages to all pages, (which by definition is another bug), It did, at least, allow the Pages menu to be visible to the user and it blocked the user from being able to modify other pages for which he was not the owner.

     With the release of the SP, we are pretty much back to the way it worked in the opriginal 4.1 release.

    As far as addressing the permissions issues, the 4.1 SP1 has provided no fixes that I can see. It works the exact same way that it did.

    If all you need to do is create a simple site with a few users, then having to remove permissions from all the other pages might work, but it is beyond impractical if your web site has many users with complex permissions.

    Tom
  17. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    13 May 2011
    Link to this post
    @Tom

    I sure hope you are wrong about this.

    @Radoslav

    Is Tom true. Please tell me - NO!

    Markus
  18. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    17 May 2011
    Link to this post
    @Radoslav

    How about the question about removing roles from pages needed for every new page created?
    How about the question that user might not have the rights to do this?

    Question still stands - The only way is

    Grant a small group access to every page, and remove them from all pages they should not see

    vs. 

    Grant a small group access to a single page.

    If this is still the case are we to expect changes in Q2 at least?

    Markus
  19. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    17 May 2011
    Link to this post
    @Radsolav

    Please answer the post above before answering this!

    I tried the approach grant access to my customrole to all pages.

    When I break inheritance of pages the custom role should not have access and remove the right to edit content. the pages get grayed out when accessing the back-end as a user of this group. So this is somewhat good. I rather have the pages not visible at all but this can be a problem when you have access to a page in 3rd level but do not have access to the partent pages.

    However some  questions remain

    1) When I grand Access to My Group to a page 'Seiteninhalt bearbeiten' (sf_custom_roles_01.png - which I cant get back to english) the user of My Role can enter into edit the page BUT I have no save buttons (workflow maybe)

    2) I then granted access also to 'Eine Seite ändern' (I assume the difference is draging stuff around????)

    3) I can grant rights in the role (sf_custom_roles_02.png) how do they play into this whole thing

    At the moment my conclusion is one of the following

    a) custom roles simply are not working
    b) I have not yet understood how custom roles should work

    I hope its b) and someone can explain it to me. If it realy is a) then I sure hope Q2 will fix that!

    Markus
  20. Antoaneta
    Antoaneta avatar
    258 posts
    Registered:
    02 Nov 2015
    19 May 2011
    Link to this post
    Hi Markus,

    Currently our custom roles are difficult to work with. There are bugs logged and we will be working to solve the problems as soon as possible. 

    Your assumption that users does not see buttons because of the workflow is correct. If they are not allowed to edit a page they will not see any action buttons there. This is another bug that is logged for fixing. Pages that cannot be modified should be grayed out, as it is in permissions. 

    Antoaneta
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  21. Ryan
    Ryan avatar
    57 posts
    Registered:
    07 May 2013
    24 Mar 2014 in reply to Antoaneta
    Link to this post

    Just to follow up. It seems I'm still having this same issue with 6.1. Like those above, if I have 50 pages (about what we do have) and I want to allow a role access just one page, the only way to get the Pages tab visible is to ALLOW edit in "permissions for all pages", but then DENY for 49 pages?

     It's not even just trying to get the Pages tab to show. Say the page I want this role sole access to is /careers. Even if that user tries to go to /careers/action/edit, it blows the site up (500 error, object not set to instance of an object). 

    So, is this bug from 4.0 still in 6.1? Is my only option of explicitly setting deny permissions for 49 pages (plus any new ones) the only workaround? Thanks.

  22. Stefani Tacheva
    Stefani Tacheva avatar
    718 posts
    Registered:
    06 Dec 2016
    26 Mar 2014
    Link to this post
    Hi,

    Thank you for your feedback. We are aware of this behavior and we are going to create an article about how permissions should be configured including some detailed information.

    Regarding the problem that you are having what we could suggest you is to Deny Edit permissions for pages for all users on global or parent level and then break inheritance per page level and remove this deny permissions. Then you there will be no need to go through all pages and deny permissions. You will go through only these page which you want to be edit by your users.

    If you have 50 pages and you globally change the permissions to Deny some roles or users and then you go to one page, which a role or user should be able to edit, break the inheritance and remove this Deny permissions, then the role or user will be able to access only this page and will not be able to access the other page.

    Regards,
    Stefani Tacheva
    Telerik
     
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Sitefinity CMS Ideas&Feedback Portal and vote to affect the priority of the items
     
22 posts, 0 answered