More in this section
Forums / Security / Roles Not Restricting Access

Roles Not Restricting Access

The forums are in read-only mode. In case that you want to directly contact the Progress Sitefinity team use the support center. In our Google Plus group you can find more than one thousand Sitefinity developers discussing different topics. For the Stack Overflow threads don’t forget to use the “Sitefinity” tag.
2 posts, 0 answered
  1. John S.
    John S. avatar
    126 posts
    09 Aug 2004
    10 Aug 2009
    Link to this post

    I am using V3.5 and have several roles defined that are supposed to restrict access from certain pages. Although it creates the menus correctly, if someone knows the page address and is logged in they can access the page.

    Why is this? Even if I deny a user as a page permission it still allows that person. The menus are created correctly based on the logged on role, why is the page not restricted?

  2. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    01 Feb 2016
    11 Aug 2009
    Link to this post
    Hello John Stewart,

    Thank you for using our services.

    This behavior is coming from the fact that Sitefinity pages have permission inheritance. This means that all pages inherit permission settings for all roles from their parents. This lets you view the page if you belong to a role that is denied view access to a page if the parent page has view permissions.

    However you can break inheritance for pages. This will affect all permissions for all roles. By breaking permission inheritance you will be able to totally restrict a certain page. Then if the restricted types in the URL, then he/she will get an error message. Take a look at the attached image to see how to break inheritance for pages.

    All the best,
    the Telerik team

    Instantly find answers to your questions on the newTelerik Support Portal.
    Check out the tipsfor optimizing your support resource searches.
2 posts, 0 answered