+1-888-365-2779
Try Now
More in this section

Forums / Security / Issue with Page Permissioning on Live Site

Issue with Page Permissioning on Live Site

6 posts, 0 answered
  1. Raghu
    Raghu avatar
    19 posts
    Registered:
    21 Jun 2010
    30 Nov 2010
    Link to this post

    We have following pages on the site.

    Home.aspx

    SMEs.aspx

    Contacts.aspx

    manage.aspx

    Following roles on the site (all roles have unique set of users)

    key-sf-admin -  admin group/unrestricted access

    cap-key-dev   - denied all access to all pages except view to all pages on root level

                               -  For SME.aspx “view” rights are also denied for this role.

    So cap-key-dev role should be able to view all the pages on live site except SME.aspx.

    Also note that all the pages have been marked as Anonymous access to deny.

    On Site Map level the role cap-key-dev has following rights

    View

    Allow

    Deny

    Create

    Allow

    Deny

    Modify

    Allow

    Deny

    Delete / Rollback

    Allow

    Deny

    Change Permissions

    Allow

    Deny

    Change Properties

    Allow

    Deny

    Approve

    Allow

    Deny

    Publish

    Allow

    Deny

    Modify Layout

    Allow

    Deny

     
    On Application level the role cap-key-dev has given following rights

    Manage users

    Allow

    Deny

    Manage permissions

    Allow

    Deny

    Manage files

    Allow

    Deny

    Edit templates

    Allow

    Deny

    CmsAccess

    Allow

    Deny


    On SME.aspx page level role cap-key-dev has given following rights

    View

    Allow

    Deny

    Create

    Allow

    Deny

    Modify

    Allow

    Deny

    Delete / Rollback

    Allow

    Deny

    Change Permissions

    Allow

    Deny

    Change Properties

    Allow

    Deny

    Approve

    Allow

    Deny

    Publish

    Allow

    Deny

    Modify Layout

    Allow

    Deny

     

    All other pages inherit site map level permissions for cap-key-dev role, i.e. only view rights.

    Now issue is that when any user who is part of cap-key-dev tries to view Home page on live site it shows access denied message to that user. Initially Home page was made to deny view access to cap-key-dev  role.  But later we changed the permission to allow view access to cap-key-dev.

    We refreshed browser’s cache and also restarted iis but it didn’t work.

    Can you please help me in resolving this issue, please let me know if you need more details?  Also please note that we are using custom LDAP based membership and role providers.

    Thanks and Regards,
    Raghu Lohe

  2. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    30 Nov 2010
    Link to this post
    Hello Raghu,

    Thank you for using our services.

    Can you please check if you have previously had broken permission inheritance of the Home.aspx page so that users from cap-key-dev? Can you try making this page inherit permissions from the Sitemap root (its parent page) and see if the permissions error will be thown? Do other pages throw the site throw the same exception for this group.

    All the best,
    Radoslav Georgiev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Raghu
    Raghu avatar
    19 posts
    Registered:
    21 Jun 2010
    02 Dec 2010
    Link to this post
    I did exactly the same as per your suggestions but it didn't work.

    First I tried with breaking inheritance from Site map for home.aspx and later I made the page inherit from site map and checked it's access. It is not accessible to cap-key-dev where it suppose to be.

    Other pages are not throwing any exception when cap-key-dev accesses them.

    Thanks,
    Raghu
  4. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    02 Dec 2010
    Link to this post
    Hi Raghu,

    Is it possible that you have set deny view permission to everyone role?

    Best wishes,
    Radoslav Georgiev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Raghu
    Raghu avatar
    19 posts
    Registered:
    21 Jun 2010
    06 Dec 2010
    Link to this post
    hi Radoslav,

    On Site Map level role everyone has following setting

    View

    Allow

    Deny

    Create

    Allow

    Deny

    Modify

    Allow

    Deny

    Delete / Rollback

    Allow

    Deny

    Change Permissions

    Allow

    Deny

    Change Properties

    Allow

    Deny

    Approve

    Allow

    Deny

    Publish

    Allow

    Deny

    Modify Layout

    Allow

    Deny


    Also for Home.aspx role everyone has the same setting as above.

    Thanks,
    Raghu

  6. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    19 Sep 2016
    06 Dec 2010
    Link to this post
    Hello Raghu,

    There are two possible reasons for this behavior

    1. There is some permission inheritance or permissions set over everyone role which applies over all other custom roles you have created

    2. The user you use belongs to two or more roles and in one of this roles you have denied the view access. In this case deny permission has higher priority than view.

    Best wishes,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
Register for webinar
6 posts, 0 answered