Security/permissions question for custom role

If you have questions about using mojoPortal, you can post them here.

You may want to first review our site administration documentation to see if your question is answered there.

This thread is closed to new posts. You must sign in to post in the forums.
6/14/2012 12:24:11 PM
Gravatar
Total Posts 537
feet planted firmly on the ground

Security/permissions question for custom role

I have a custom role (created from scratch). I have created a couple of pages signed in as a user in this role. I find I cannot configure the view security on the pages I have created - all the checkboxes on the Security tab are greyed out. 

This documentation suggests that if a role has edit permission on a page (as my user has) they can "Edit page settings (except for edit permissions)".  But I'm finding I also cannot edit the View permissions ("Roles that can view this page").  (Except, making this inconsistent, I have the ability to "hide this page from authenticated users" but I don't want to do that).

What permissions do I need to assign to a role to allow them to alter the security settings on a page they create (essentially to make the new page visible only to members of the same role)?  Or is this a feature request (to make mojoPortal match its documentation ;-).

(Background - this is a bit like the "role for each department" example given on the above documentation page. I want each department to be able to create both public and private content in their own area. But I don't want any department to be able to edit content outside their own area).

 

6/15/2012 1:04:00 PM
Gravatar
Total Posts 18439

Re: Security/permissions question for custom role

I've just corrected the documentation to say "except permissions" rather than "except edit permissions".

By default any new page inherits the same role permissions as its parent page, so if the parent page has departmental view and edit roles any new child page will inherit the same roles.

Only admins and content admins (and site editors in a multi site installation) can change permissions on pages or feature instances.

Hiding is not a security feature, it is cosmetic and only removes it from the menu, it does  not protect the page.

If you want a private section below a department level page you should have an admin or content admin setup the first page with the restricted view roles then dept editors can create pages below that with the same permissions.

6/16/2012 12:45:12 AM
Gravatar
Total Posts 537
feet planted firmly on the ground

Re: Security/permissions question for custom role

Thanks Joe that makes sense and should work fine for my case.

You must sign in to post in the forums. This thread is closed to new posts.