Restricting A User To a Certain Document Library - General Discussions - General Discussions - Progress Community
 General Discussions

Restricting A User To a Certain Document Library

  • Restricting A User To a Certain Document Library
  • Hello all,

    I am currently using the latest 4.0 RC (Sitefinity_4.0.992.0) and attempting to setup various Document libraries, with different sets of users (roles) only able to access/view/upload/edit in their respective libraries. 

    For example, let's say User A maintains Section A of a website and only needs access to upload to that document library, while User B maintains Section B...

    What is the smoothest way of achieving this functionality?  In SF 3.7 our organization utilized providers, but it was a bit complicated.  I am curious, is there an easier method in 4.0?

    I tried simply creating different roles and giving only that role access to a library, however, my test user can only see the Dashboard upon logging in (even though that role has access to pages and documents, etc...).

    Any tips are greatly appreciated!  Thanks!
  • Hello Brad,

    If this user belongs to Editors role he/she should be able to access Dashboard, Pages, Content. Please make sure that your user does not belong to anther roles where you have denied the access to Pages and Content.

    All the best,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  • Hi Ivan,

    If the user belongs to the Editor role they can then view / access *all* of the document libraries, instead of just the libraries that have permissions set to a custom role / group.

    I suppose to achieve this restriction of document libraries / pages I will need to implement the providers solution.  I've tried using the Developer Network Search feature but am not sure how to word this.  Do you know of a document / tutorial that explains the process of setting up providers so different roles can be setup to only have access to certain libraries / pages?

    Thanks!

  • Hi Brad,

    Have you granted this user/role to see the backned pages from Sitefinity >> Administration >> BackendPages >> Pages.

    Greetings,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  • Hi Ivan,

    Thank you, that solved the issue of the user/role not being able to see the Pages / Content tabs from the dashboard.  However, once I grant them access to see the Content / Documents & Files section, they then have access to all Libraries, even though certain libraries have permissions of only letting Admins and certain other roles have access.

    I will continue to look through all of the permission settings, but I just wanted to make sure I wasn't missing something else that was obvious.

    Thanks!
    Brad
  • Hello Brad,

    Ok, Most probably you have not broken the inheritance. By default the image inherits permission from its parent which is the Library. You can check the libraries permissions from

    http://host/Sitefinity/Content/Documents/Libraries - >> Actions  >> Set Permissions..

     if the problem persists, please send screenshots of the permission settings for Libraries, the Image and screenshot of the roles under which your user belongs to.

    Greetings,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  • Hi Ivan,

    After breaking the inheritance I am one step closer.  Now the user cannot see any of the files in the library (which is good), however, they can still see the Library itself even though it appears empty to them.  Ideally, I would like the folder to not display at all if a user does not have the proper permissions.

    I have attached screenshots of the role that should not have access to the "Agriculture" folder, and also of the Library permissions for said folder.

    Thanks,
    Brad

  • Hello Brad,

    We verified that this is indeed a problem with applying permissions for a single library. Namely, even though a user has been explicitly denied the "View this library" action, he can still see it. It has been logged (ID 105504) and will be fixed for our next release.

    All the best,
    Slavo
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  • I downloaded Service Pack 1 for SF4, and this issue still exists.  A user who has been explicitly denied the "View this library" no longer sees the library in the list of Libraries, but when they view the main "Documents & Files" page, a list of the most recent files are displayed, and items from the denied Library are shown.  Next to these items is even a link to the explicitly denied Library, where a user can then view all of the items in a Library they should not be able to view.

    Is there anyway to have PDFs (or any document) available to everyone on the frontend (so that they may be downloaded by the public) but have certain backend users be restricted to only see certain libraries while in the backend?

    The goal is to have different groups of users maintain different portions of the website, and restrict access to maintain libraries accordingly.
  • Hello Brad,

    Thanks for your feedback.
    I have inspected this again, and unfortunately this problem still exists as it may be more complex than we initially assessed. At the moment there is still a problem with filtering secured objects which are explicitly denied from certain users or roles. However specific actions should be enforced by permissions (e.g. if the user is not allowed, or explicitly denied, to edit a news page, an attempt to edit the page should result in a "you are not authorized to perform this action" message).
    We'll apply a fix for filtering objects by explicitly denying them in the Q2 Service Pack 1 release. Sorry for the inconvenience.

    All the best,
    Alon Rotem
    the Telerik team
  • @Telerik

    Does this problem reported in Dec 2010 still exist?

    Markus
  • Hi Markus,

     Filtering media items on a granular level permission set should be working as intended now with the latest release of Sitefinity. 

    Greetings,
    Patrick Dunn
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  • I am using Sitefinity 6.3 and I still see this same issue. 
  • Has there been any update on this? I am using 7.2 and it still have the same issue described. I can see all the libraries even though access has not been granted to user.