I am using SDL Tridion 2011 and need to take the permissions off from the user to localize a structure group so that he does not make any changes in the name of the structure group by localizing it. However, even after removing the rights and permissions and making the structure group ‘read only’, the user is still able to localize the structure group by right clicking on it and going to properties. Please help if there's any resolution for it.
Also, is there any way we can restrict the user from unpublising or updating a page?
Permissions on a structure group control what you can do to the things it contains. Remove the localize permission in the parent structure group instead.
To prevent unpublishing you can do any of the following:
Remove the Read permission.
Go to the Security tab in the properties of the relevant publication, and remove the right to Publish to Content Distributor
Go to the Security tab of the relevant Target Type, and remove the Use Target Type permission
To prevent them updating a page, remove the Write permission, although be aware that editing the page allows them to modify the page composition, and that controlling this doesn't prevent changes to the content if the person has permission to modify the relevant components.
If none of these is sufficient, then you will need to implement a custom solution with either the events system, or workflow.
Inspect the properties for your Structure Group and go to the Security tab. Check which users/groups have the localize right and then see if your user is a member of any of those groups. Groups can be members of other groups, so you may need to check recursively to find where this ability is being allowed from.
Also make sure that the user is not an Administrator.
To prevent a user from unpublishing a page then you need to make sure they do not have "Publish to Content Distributor" rights at the Publication level. If they need to be able to publish pages, but not unpublish, you will need to take care of that by writing an Event System.
To prevent them from updating a page, you need to consider the Write permissions on the containing Structure Group.
Related
We've added a role to DNN named, "Content Manager." Almost all the site's content is in 2sxc Content app stuff; Basic Content, Links, Locations, etc. What is the most efficient way to get DNN and 2sxc setup so that these users can only Edit the content. Not change the template (View) or get in to DNN's module or page settings or anything else. Most of our efforts so far either involve a lot of setup work and module permission changes - or - if we stick close to the defaults, we give these users too many options when logged in. Basically we want them to only see the blue circle edit pencil button and nothing else.
So I found this by accident, but it seems to work! Perhaps #iJungleBoy has some additional feedback.
Get the RoleID from the database for the role you created for Content Editors. Then, in your 2SXC app, go to the apps Administration page, click App in the top toolbar, click the icon next to App Permissions, add a new permission with the ID of the role in the Identity field, leave the condition unset, and choose from the Grant options that meets your need. The entry for "Edit (Create, Read, Update, Delete)" may be what you are looking for.
If that doesn't work, you may need to manage the App Permissions for all 2sxc apps. You can follow this link for background on it. Basically you need to put the page in Edit mode and then on the gear icon select Apps Management. On that screen, click the Features button on the toolbar. Click Manage Features, and then enable the one entitled "Permission by Group / Role".
For more background on permissions, check here.
Hope that helps get you on a good path.
I have 2 different roles with exactly the same permissions and text formats when I switch a user between these two roles with the first one I can edit one specific node but not with the second, is there something I'm missing? I basically want to make these two roles to work exactly the same and after that I will add/remove some permissions.
I even tried using the direct edit URL "node/XXXXXX/edit" with no success on my 2nd role, as soon as i swap to the 1st role I can access the edit page.
On the content type I looked on the User Permissions and both of them are checked on the "Roles that can EDIT any content of this type"
As suggested on one of the answers I re created the role and cleared the cache but with no success.
Do both roles have the right permissions to work with the text format?
/admin/config/content/formats
or go to Configuration > Content authoring > Text formats
Try to delete the second role;
Create again and
Clean cache.
That happened to me time ago.
Hope that helps.
My website is used to administer customer accounts. If I access CustomerA's account through the website then open a new tab and access CustomerB's account the session holding the customer ID updates to think I'm now working on CustomerB. Then if I click back to CustomerA's tab and start editing that page I am in fact editing the database record for CustomerB. This has happened and caused all sorts of problems so I need to find a fool proof way of stopping it. I don't want to put the customer ID in the URL as this will make it open to abuse.
Session is not a place to hold information like this exactly because of problems you're describing. You need to pass customer ID along with the page itself (either in hidden field or in url), so when you post back the form, it exactly knows what are you trying to do. Session won't protect you nor add any extra security. You need to determine if the user has correct permissions either way, so you should focus on this aspect.
I want to add the logs for the requirement history for the changes in the requirement tracebility. Currently,the logs for the changes in the requirement tracebilyt are not being captured in the history section.
Is any code or API to make changes in the requirement tracebility visible in the history tab?
thanks
History is not maintained for requirement traceability in QC. What you can do, enable history for comment field from customization and change your qc workflow script such that it adds comment (i.e. added link/removed link with ids) when somebody changes anything in requirement traceability section.
you have to make the Related field history enabled and to do so, you have to have administration rights on the project.
then go to Tools>Customization>Project Entities> Test Cases
then find your field in either the System Fields list or the User Fields list.
select the target field, in the RHS you will see the field properties and one of the properties is History Enabled. check that option and Save then Hit Return.
Log out of the project and re-Login.
now changes to that field will be tracked and appear in the History tab.
I'm working on a site that can be displayed to the user in several different ways, kind of like themes, but more functionality related. So basically, the page you are viewing is in a certain state (based on the user, country etc).
The rendering of the controls on a page will vary a bit depending on the current state, and I want this to be easily configurable. (For state A, hide this field in this control, for state B show this icon etc).
In a standard web site, a control would just access a section in web.config to get the its current configuration, but now I want the control to get different configurations depending on the state the page is in.
Any suggestions on how to implement this?
Why not just save the relevant UserControl Properties values in a database for each state. This way states can be added or modified on the fly later.
I choose to create an interface for getting configuration settings that directly mapped to ConfigurationManager.GetSection(string sectionPath).
I then injected (using Spring.Net) a class that used the built in configuration manager, but tried to resolve the section path at different levels depending on the current state.
So it started by trying to get the configuration from "[CurrentState]/Application/MyControlConfiguration", if not found tried the default "Application/MyControlConfiguration". Worked pretty well...
The controls didn't have to be aware that the application can override configuration settings depending on state.