When I go in "Zope Management Interface" > "Security" I can set permissions for users.
Can I do the same for groups?
There is a method or a plugin for this goal?
No you can't (set permissions for users); that tab sets permissions for roles; see Permissions and roles in the "Understanding permissions" manual.
You can assign roles to individual users and groups.
It is not advisable to map permissions to roles via the "Security" tab in the ZMI. You should instead create workflows (ZMI-->portal_workflow) and customize permissions through it.
In your workflow, you need to define states and transitions. And within each state, you can manage what permissions to give to specific roles. If you need to, you can also map groups to roles.
After customizing your workflow, you then assign it to specific content types (in portal_workflow).
Don't forget to run "update security" so that your new workflow will be applied to existing content.
Related
I have a project that uses Firebase analytics. I want to assign a user for just viewing analytics Data.
Recently, Google added Permissions option that can add user with email address and role, but I could not find out which user is fit for that.
this is adding user progress:
first click permission in project page:
then select "add user" and then you should enter an email address and role type:
Is there any documentation that describe these user roles and scopes?
If you click on the Learn More hyperlink visible in the 2nd screenshot you provided, it'll take you to the Understanding Roles documentation that talks about the roles and the permissions.
It seems that there are two types of roles, Primitive and Predefined (which is still in Beta).
Primitive Roles
Roles that existed prior to Cloud IAM, Owner, Editor, and Viewer will continue to work as they did before. These roles are concentric; that is, the Owner role includes the permissions in the Editor role, and the Editor role includes the permissions in the Viewer role.
Predefined roles
Beta: The Beta Cloud IAM roles described in this section might be changed in backward-incompatible ways and are not recommended for production use. They are not subject to any SLA or deprecation policy.
In addition to the primitive roles, Cloud IAM provides additional predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources.
The list of roles for each and a description for their permissions are also described there.
Is it possible to manualy update user roles with Symfony2?
In my application, users are able to handle many companies. For each of them, they have different rĂ´les.
At login time, I'd like to give them the roles of their default company and when they switch of company, I'd like to remove the previous roles and add the ones of the new company.
Yes it is possible. But i wouldn't advise you to dynamically remove and add roles on an company switch as it could lead to an security issue. If you want to use the basic role system you could create roles prefixed by company name (this is an bad idea if you have many companies). Or upgrade your security context to use ACLs. Maybe the simplest solution is to create an user for each company with the same credentials (or no creadentials if you manage the user switch) and different roles.
As far as I can see you should consider developing an own role system that meets your multi company requirement.
Suppose ADMINS is a group that has an Administrator role (site-wide).
In a different context of the Plone site (/Plone/folder) I would like to use the ##sharing view, and remove all roles from the ADMINS group and add some custom ones: the problem is that this isn't possible because Administrator role for ADMINS is site-wide.
Is it possible to remove the site-wide role for just a context in a Plone Site? Or will I have to do this by settings individual permissions on custom workflow states?
##sharing manages local roles and user/group roles (AKA global roles) cannot be changed via local roles. What you can do, however, is not apply the roles using the group (IOW, just leave the group without any roles), then use /Plone/##sharing at the portal root to assign that group local roles there, then in /Plone/folder/##sharing you can uncheck Inherit permissions from higher levels and the local roles from /Plone will not be inherited there.
I need newly created users to be assigned to a particular role as default.
as default, a new user automatically assigned as "authenticated user" I also need as "content admin (custom created role)"
any idea how to do that?
appreciate helps!!
Why I need that?
I create a content admin role for client, I dont give administrator access. and they need the ability to create new users as content admin. as default I need to give access to "administer permission", but by this way they can create administrator user as well :/ and can messed up with the site. So, if I can assign content-admin role as default to new created users, i wont give administer permissions access to client.
Take a look at the module Auto Assign Role. It allows you to automatically assign roles to new users. You can also set different role presets depending if a user registered himself or an admin created the account. Currently it is only in dev for Drupal 7, but from the issue queue it seems to be in working condition.
From the project page:
The Auto Assign Role serves three primary purposes. The first is to
provide an automatic assignment of roles when a new account is
created. The second is to allow the end user the option of choosing
their own role or roles when they create their account. The third is
to provide paths that will trigger a specific role when an account is
created. The administrator has full control over these functions and
can have them working together or independently of each other. Auto
Assign Role is integrated with the Content Profile module so that you
can have content types serving as registration pages. You can even
replace the default user/register page with a customized version of
your own design.
How do I give a specific user editing rights to a specific node?
I have a user role named "Student". Multiple users have that role, only a few of them can edit a node. How can I realise this?
I'll try and cover a few use cases, with how I would solve them:
If all members of a category of users can edit any node of a certain type
Create a new role for that subset of users ('Super Students', as Emyr suggested) and grant them 'Edit content of type' permissions through Drupal's core permission system (no node access module required)
If all members of a category of users can edit specific nodes
Create a new role for that subset of users and grant them edit permissions on the specific nodes (a node access modules is required, such as Node Access or Content Access). This will also require that someone has the permissions (and time) to grant access to the role whenever a new node is created.
Some users can edit some nodes; there is no 'elite' group of users who can edit all nodes, and not all members can edit the same nodes
This will require a node access module, such as Node Access or Content Access with ACL. There will also need to be administrative users who have the permission to grant other users access to edit the nodes.
Allow users to grant others access to edit a node they have created.
I implemented this recently with a user reference CCK field and Node Access User Reference. You can grant users permission to edit their own nodes through the core permissions system and they can then add other users to the user reference field. In my case creators are not given that permission and I set up the default value of the field to the creator's user id, which allows a user to remove themselves from being able to edit the node.
These all assume there is no categorization for your content. You may be able to utilize node access modules based on Taxonomy or Organic Groups if your content and users are organized sufficiently.
For sort of abnormal permissions stuff like this, I've always found that a small custom module is the way to go. General node access modules have to be general enough to be useful for a lot of different cases, which generally makes them sort of messy and confusing.
For this specific one, you could create a module that implements hook_nodeapi and on $op==prepare, check the user's ID against your user reference and do a drupal_goto the access denied page if they don't match up.
You can do this with Flexi Access. Giving a specific user the "update" privilege on a node will allow him to edit the node.
For more options, see the page: Overview of Node Access modules # Drupal.org.
Have you tried either Node Access or Content Access?
If only a subset should be able to edit nodes, you need an additional "super student" role.
The Node Access module may help you set appropriate permissions on the nodes. Here is an excerpt from its project page:
... provides roles and user specific security permissions for menus, menu items, nodes, and security integration into the administration and help systems. We would like to provide this suite of modules back to the community to share the usefulness of the suite and involve the community to provide additional support, testing, and moderation.
Special care was taken to ensure the usability of permission management was consistent across all sections of the system (nodes, menus, menu items). Also each security module uses a cascading security scheme to allow global security and the option to override or define exceptions to the security model for individual items.