Access to File Area

Vote:
 

Hi,

Is it possible to limit access to files in the file area dependent on group/user?

I thought it was the same as with page access but to see the file area I need to assign webEditor. I know it is possible to assign other groups in the configuration but I can not find out how to limit access to differnent users/groups if they must be assigned to the same access group eg. webEditor.

User Groups:
Group1
Group2

Folders:
Folder1
Folder2

I want Users in Group1 to have read/write/delete access to Folder1. I want Folder2 to be hidden or at least denied access to Folder2.

Is this possible? As I said I have already managed to do this structure on pages.

Kind Regards,
Peter

#88395
Jul 10, 2014 17:26
Vote:
 

Hi,

You can do that from admin mode. You cannot set access rights on folders from edit mode because there is no view for them.

You can see the folders in the page tree under the "Global Resources" node in Admin > Acess Rights > Set Access Rigts.

#88397
Jul 10, 2014 20:30
Vote:
 

Hi Johan,

Actually it is possible to set access rights both from admin mode as you said, but also from edit mode if you click on the file area library - there is an access rights icon.

It still does not solve my issue. Maybe it´s not possible to set access rights in that way I want.

Thank you anyway :)

//Pe

#88403
Edited, Jul 11, 2014 9:25
Vote:
 

You posted in the 7.5 forum, so I just assumed you were using the new asset system. But from your latest comment it seems like you're using the old VPP system?

Because in the new system you cannot set access rights on folders from edit mode.

So what is the problem? You can't remove access rights for WebEditor from a folder? That should work. Access rights works the same way as for pages.

#88415
Edited, Jul 11, 2014 16:24
Vote:
 

Hi Johan,

Ahh, you are right. I am not using the latest version. The license says version 7.0, sorry.

Exactly. If I remove webEditor for the user I will not see the folder structure at all.
Access denied > You do not have sufficient rights to view this page

Therefore I think the user must belong to webEditor. I have made all kind of tests. For the Root-folder (Documents) webEditors  is not even listed.

My example user: TestUser
Belonging to groups:
GroupEditor (see below)
ExGroup (only to group users and have them collected)

With webEditor the user can see everything and without i got "access denied".

Folders:

Documents (root)
Access rights >
Administrator (full)
Anonymous (read)
ExGroup(full)

Documents > ExFolder
Administrator (full)
Anonymous (read)
ExGroup(full)













As I understand, it should be possible to remove "Group: Everyone" and instead add anonymous (for front access). But even if I add "Group: Everyone" with "Read permissions" on the two folders, I get "access denied", therefore I think something is wrong - or that the user need to be in WebEditor.

My goal is to hide some folders for an user group that I have created, but if the user must belong to webEditor there is no way to separate them from viewing the content from one of the folders becouse both users then have webEditors.

I hope my explenation is clear enough. Thanks,

/Pe

#88425
Jul 11, 2014 18:07
Vote:
 

Oh, I thought you were trying to remove WebEditors from a folder, not from a user.

So, my recommendation is then to not set any access rights at all for WebEditors and WebAdmins to pages or folders. Those two groups will just grant the users access to edit or admin mode, since they are defined in web.config. I.e. remove all access rights already set for those groups, but keep them in web.config.

Then you have to create new editor groups and assign them to all editors. All editors also needs to be members of WebEditors of course, to be able to login to edit mode at all. This is the only way to achieve what you want to do, unless you want to edit web.config everytime you add a new editor group.

Instead of having in web.config, you can assign all those groups to the virtual role CmsEditors in EPiServerFrameworks.config and then just have in web.config.

#88426
Jul 11, 2014 18:22
Vote:
 

Hi Johan,

Actually we have kind of solved it, without change in web.config.

* "Documents" need to have "Everyone" with "read" permission.
* "Documents/ExFolder" need "ExGroup" with "read, create, change, delete" - in my case, and of course no "read" access for "everyone.
* Then, the user - in my example here "TestUser" must have "webEditor, ExGroup".

Now the only visible folder is "ExFolder".

And if I need a new group I can create "ExGroup2" and add new users with access to another folder. And so on...

It seem to be working. I have no idea why it was not working for the first time. Maybe that i did not have "Everyone" added to the root "Documents" folder.

I will mark your answer becouse of your rekommendation to remove WebEditors/WebAdmins from folders and keep WebEditors group on the user. It seems to have solved it too.

Thanks for your help,
Peter

#88575
Jul 17, 2014 14:45
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.