I'm trying to allow a group with a role Contract Reviewer to change the state of an object without needing the 'Manage portal content' role in a particular state.
The Contract Reviewer is granted a permission: 'MyProduct: Review contract', in rolemap.xml
The 'MyProduct: Review contract' permission is required for two transitions: Approve Contract and Reject Contract. These two transitions are available in a 'Pending contract approval' state.
The permissions seem to work as other user groups do not see these transitions available, but the Manager and Contract Reviewer roles can see these transitions.
However, in my workflow, unless the 'Modify portal content' permission is assigned in that state, the Project Reviewer cannot see the 'Edit bar' to 'approve' or 'reject'.
Is there another permission to show the edit bar that I am missing?
Related
On our on-premise TFS 2017 update 2 I want to add an extra user to the Agent Pool role as an administrator. For some reason I can not find all users in the domain.
In the image you can see that the user TFSBuild was added previously, but now when when searching or it it can not be found. I know for certain that this user still exists because in other place (e.g. add it to a a project group) I can add it. Also I'm able to add other users so the permissions to add users to the administrator role are OK.
I noted that I can add the user to the 'Project Collection Build Administrator group' but I still cannot add it to the Agent Pools or it doesn't show up in the 'filter users and groups' of the collection
First you could try to add that specific user to another agent pool. This will narrow down if the issue is related to the agent pool.
It maybe an Identity Synchronization issue, you could check this blog which discusses how to do a force sync.
Besides, you could also directly add group instead of a user on the agent pool. The users in the group will also gained the roles. And based on the roles, they will govern what operations they can perform on an agent pool.
So as a workaround, you could add a group which only included this user instead of this user, then double check if the user has properly permission.
What I do is add the user or AD-group to a team project TFS group as member. For example as a reader. Then the synchronization is done by TFS and you will be able to resolve and add the role member in the agent pool after a few minutes.
I have a project that uses Firebase analytics. I want to assign a user for just viewing analytics Data.
Recently, Google added Permissions option that can add user with email address and role, but I could not find out which user is fit for that.
this is adding user progress:
first click permission in project page:
then select "add user" and then you should enter an email address and role type:
Is there any documentation that describe these user roles and scopes?
If you click on the Learn More hyperlink visible in the 2nd screenshot you provided, it'll take you to the Understanding Roles documentation that talks about the roles and the permissions.
It seems that there are two types of roles, Primitive and Predefined (which is still in Beta).
Primitive Roles
Roles that existed prior to Cloud IAM, Owner, Editor, and Viewer will continue to work as they did before. These roles are concentric; that is, the Owner role includes the permissions in the Editor role, and the Editor role includes the permissions in the Viewer role.
Predefined roles
Beta: The Beta Cloud IAM roles described in this section might be changed in backward-incompatible ways and are not recommended for production use. They are not subject to any SLA or deprecation policy.
In addition to the primitive roles, Cloud IAM provides additional predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources.
The list of roles for each and a description for their permissions are also described there.
The site is using simple publication workflow
What I have tried is
1. Add the user to the role Reviewer
2. Under sharing for the folder I gave the user reviewer and view rights.
3. I even went into zope and edit the workflow and check all in the permission for reviewer role.
But under the drop down that allows the reviewer to publish, the publish option is missing. Only advance and send back option is available.
Below is the permission in pending state
Any idea of what is happening?
It seems you have a custom workflow. Your publish transition is protected by the Request review permission, which is uncommon (this is the permission for users who want to submit for publication).
Normally the "main" permission for Reviewer role is Review portal content.
I have developed a system using Drupal 6. I have implemented user registration with content profile. Which means there is a functionality called company registration. It is creating a content profile with companies and a user account also after click register.
Once the profile and user account created both will be in pending status and I have implemented a functionality where the site admin can approve (using rules.) Once approved the content profile is accessible via front end.
But though the users status change rule is written (rule to change the pending user role to active member) the user is unable to login. Currently after approving the content profile the admin again need to go to the user account and activate it.
Can anybody help me to get this resolved please?
My advice would be to use Triggers with this, so that when a content profile is approved, the linked user profile will also be approved. You should be able to write an "Advanced" trigger for this.
https://drupal.org/documentation/modules/trigger
How do I give a specific user editing rights to a specific node?
I have a user role named "Student". Multiple users have that role, only a few of them can edit a node. How can I realise this?
I'll try and cover a few use cases, with how I would solve them:
If all members of a category of users can edit any node of a certain type
Create a new role for that subset of users ('Super Students', as Emyr suggested) and grant them 'Edit content of type' permissions through Drupal's core permission system (no node access module required)
If all members of a category of users can edit specific nodes
Create a new role for that subset of users and grant them edit permissions on the specific nodes (a node access modules is required, such as Node Access or Content Access). This will also require that someone has the permissions (and time) to grant access to the role whenever a new node is created.
Some users can edit some nodes; there is no 'elite' group of users who can edit all nodes, and not all members can edit the same nodes
This will require a node access module, such as Node Access or Content Access with ACL. There will also need to be administrative users who have the permission to grant other users access to edit the nodes.
Allow users to grant others access to edit a node they have created.
I implemented this recently with a user reference CCK field and Node Access User Reference. You can grant users permission to edit their own nodes through the core permissions system and they can then add other users to the user reference field. In my case creators are not given that permission and I set up the default value of the field to the creator's user id, which allows a user to remove themselves from being able to edit the node.
These all assume there is no categorization for your content. You may be able to utilize node access modules based on Taxonomy or Organic Groups if your content and users are organized sufficiently.
For sort of abnormal permissions stuff like this, I've always found that a small custom module is the way to go. General node access modules have to be general enough to be useful for a lot of different cases, which generally makes them sort of messy and confusing.
For this specific one, you could create a module that implements hook_nodeapi and on $op==prepare, check the user's ID against your user reference and do a drupal_goto the access denied page if they don't match up.
You can do this with Flexi Access. Giving a specific user the "update" privilege on a node will allow him to edit the node.
For more options, see the page: Overview of Node Access modules # Drupal.org.
Have you tried either Node Access or Content Access?
If only a subset should be able to edit nodes, you need an additional "super student" role.
The Node Access module may help you set appropriate permissions on the nodes. Here is an excerpt from its project page:
... provides roles and user specific security permissions for menus, menu items, nodes, and security integration into the administration and help systems. We would like to provide this suite of modules back to the community to share the usefulness of the suite and involve the community to provide additional support, testing, and moderation.
Special care was taken to ensure the usability of permission management was consistent across all sections of the system (nodes, menus, menu items). Also each security module uses a cascading security scheme to allow global security and the option to override or define exceptions to the security model for individual items.