2 suggestions for roles

This is a forum to suggest new features for mojoPortal.

This thread is closed to new posts. You must sign in to post in the forums.

9/26/2010 9:02:17 AM

jerry evans

Total Posts 11

View Posts

2 suggestions for roles

1. Extend role creation to allow the application of a specific security policy. Role security, optionally, overrides page/content settings. This would make it foolproof to add a new set of users for a particular project whilst ensuring they cannot edit pages or content, can upload/download files etc.

2. Be able to configure the member list so that only people in that role are displayed, again subject to override by settings for a particular user.

Also, possible bug, right now it seems to me that unticking the 'show in member list' option prevents the user from being displayed in the user list even if logged in as admin, i.e they disappear.

Thx++

Jerry

9/27/2010 7:31:00 AM

Joe Audette

Total Posts 18439

View Posts

Re: 2 suggestions for roles

Hi,

Security is very difficult to get right. The more flexible you try to make it the more complex it becomes and the the chances for mis-configuration increase and this can reduce security. Keeping it as simple as possible is a feature that improves security.

In mojoPortal we support view/edit permissions at the page level and the content instance level. If a specific custom feature needs more granular permissions, they can define those in their features and use our AllowedRolesSetting control as I wrote about on this thread.

It only shows hidden users for the admin when he searches for the user not by browsing the alpha links.

Best,

Joe

9/27/2010 4:30:00 PM

jerry evans