+1-888-365-2779
Try Now
More in this section

Forums / Security / Roles Not Restricting Access

Roles Not Restricting Access

2 posts, 0 answered
  1. John S.
    John S. avatar
    126 posts
    Registered:
    09 Aug 2004
    10 Aug 2009
    Link to this post
    Hello,

    I am using V3.5 and have several roles defined that are supposed to restrict access from certain pages. Although it creates the menus correctly, if someone knows the page address and is logged in they can access the page.

    Why is this? Even if I deny a user as a page permission it still allows that person. The menus are created correctly based on the logged on role, why is the page not restricted?

    Thanks,
    John
  2. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    11 Aug 2009
    Link to this post
    Hello John Stewart,

    Thank you for using our services.

    This behavior is coming from the fact that Sitefinity pages have permission inheritance. This means that all pages inherit permission settings for all roles from their parents. This lets you view the page if you belong to a role that is denied view access to a page if the parent page has view permissions.

    However you can break inheritance for pages. This will affect all permissions for all roles. By breaking permission inheritance you will be able to totally restrict a certain page. Then if the restricted types in the URL, then he/she will get an error message. Take a look at the attached image to see how to break inheritance for pages.

    All the best,
    Rado
    the Telerik team

    Instantly find answers to your questions on the newTelerik Support Portal.
    Check out the tipsfor optimizing your support resource searches.
2 posts, 0 answered