More in this section

Forums / Security / Security Issue

Security Issue

2 posts, 0 answered
  1. Vikas Bhalotia
    Vikas Bhalotia avatar
    11 posts
    19 Jan 2010
    21 Feb 2010
    Link to this post
    I am in the process of evaluating sitefinity for my project. I am facing some security related issue.
    I have created one user role called Sales. Now this role has ability to access access CMS and all other permission are denied. I have created one user called user1 and assigned him in to the sales role.   After that Admin has created one page with some static content. Admin has given permission to sales role to only view and modify the content of this page and all other permissions are denied even publish permission is denied. 

    Now user1 logged in using his userid and password. He is able to view the page and modify it. But I see that he has also ability to publish the page even though admin has denied publish permission. Please help. This is very urgent.

  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    12 Sep 2017
    21 Feb 2010
    Link to this post
    Hello Vikas Bhalotia,

    The user can crate a page which means that he can publish it. The "Publish" checkbox you have checked applies when you use Workflow. In your case I suggest that you should turn on pages workflow. Then, the user will be able to create or modify the a page, but he/she will not be able to Publish it on the website. This page should be reviwed by another user that has permissions to Publish.

    You can turn on the workflow from your webconfig file as shown below

    <cms defaultProvider="Sitefinity" pageExtension=".aspx" projectName="SomeName" disabled="false" pageEditorUIMode="Overlay">
                    <clear />
                    <add  connectionStringName="DefaultConnection" allowPageHistory="True" allowPageWorkflow="True" cachingProviderName="ASPNET" name="Sitefinity" type="Telerik.Cms.Data.DefaultProvider, Telerik.Cms.Data" />

    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
2 posts, 0 answered