Lee Sykes
DNN Creative Staff
Nuke Master V
Posts:5302
 |
|
Bart A Zoni
DNN Creative Magazine Subscriber
Posts:10
|
| 03 Nov 2009 5:00 PM |
|
| If you give the Member Of Staff access to the Security Rolls module, how do you prevent that user to assign himself to the Administrator Role, thereby not limiting him to only the modules you put under the Staff page? |
|
|
|
|
Joseph Craig
DNN Creative Staff
Nuke Master V
Posts:5351
|
| 04 Nov 2009 5:31 AM |
|
Obviously, you don't!
Lee's tutorial was aimed at showing HOW to provide partial access to administrative tools. You should not think of this as a reason that you SHOULD do it. In the case that you identified, there is a "security issue."
|
|
Joe Craig
DNN Creative Support
Subscribe to the website |
|
|
Bart A Zoni
DNN Creative Magazine Subscriber
Posts:10
|
| 04 Nov 2009 6:51 AM |
|
| I can see tremendous benefit to opening some of the admin tools to a "staff" member and have specific need for such a thing. This article was excellent in timing for me. I need to give File Manager capability to specific users. I also need to give a specified user the access to enroll new users and assign roles. But I can not allow this user to modify the site (pages, administrator). Is there a way to modify the standard security module to have a security module wherein the administrator role is not exposed for use? Or do you have any suggestion for handling this? |
|
|
|
|
Kamalesh
DNN Creative Magazine Subscriber
Nuke Newbie
Posts:4
|
| 04 Nov 2009 9:54 AM |
|
| Is it possible to limit the "user accounts" module to only see/update certain users (not all from the domain). |
|
|
|
|
Joseph Craig
DNN Creative Staff
Nuke Master V
Posts:5351
|
|
Kamalesh
DNN Creative Magazine Subscriber
Nuke Newbie
Posts:4
|
| 04 Nov 2009 12:05 PM |
|
Okay, thanks. Its a very nice tutorial.
do you know any custom module in the market which will allow to limit the "user accounts" update for non-admin user and modify/show only certain users? |
|
|
|
|
Lee Sykes
DNN Creative Staff
Nuke Master V
Posts:5302
|
|
Beth Lancaster
DNN Creative Magazine Subscriber
Nuke Newbie
Posts:3
|
| 07 Nov 2009 12:17 PM |
|
Lee
Thanks for the tutorial. I too was hoping you were going to show how to allow staff to add and edit a user profile but not give them full access to change profile properties and all the other functionality in this module.
Maybe a good OWS tutorial. |
|
|
|
|
Lee Sykes
DNN Creative Staff
Nuke Master V
Posts:5302
|
|
Lee Sykes
DNN Creative Staff
Nuke Master V
Posts:5302
|
|
JudeJoseph
DNN Creative Magazine Subscriber
Nuke Newbie
Posts:2
|
| 13 Nov 2009 8:15 AM |
|
Hi,
I followed the tutorial and all seems well except that when I login with the user I gave access to the limited site menu, the user can access the newsletter but when accessing tabs from the SiteAdmin menu the following message comes up:
Access Denied Either you are not currently logged in, or you do not have access to this content.
I've checked permissions and all seems to be well. Why would the newsletter be accessible but not the tabs? |
|
|
|
|
Lee Sykes
DNN Creative Staff
Nuke Master V
Posts:5302
|
|
Barry
DNN Creative Magazine Subscriber
Nuke Newbie
Posts:2
|
| 18 Nov 2009 8:52 AM |
|
Hey Lee
Bizaar thing..
When I create the Staff page and insert 'Users and Roles' module onto the page my registration page appears.
Clicking on the Staff page menu item returns the Registration page.
When I first did this yesterday I didn't realize the switching going on and thinking I was editing the Staff page and noticing only the USER ACCOUNT sub-module inserted (again thinking I was editing the Staff page which apparently doesn't really exist as it turns out) and thinking 'well that's not right' and therefore deleting the USER ACCOUNT module (which is actually my active Registration page) in which to start again.
After some 'head-scratching' and 'shoulder-shrugging' and reinstated the USER ACCOUNT module back into the Registration page and called it a night.
Tried again this morning, deleted Staff page, created new Staff page, insert USERS and ROLES module and again the Registration page appears and now the Staff menu item directs to the Registration page....????
Do I hear everyone running for the door??
|
|
|
|
|
Lee Sykes
DNN Creative Staff
Nuke Master V
Posts:5302
|
|
sped
DNN Creative Magazine Subscriber
Nuke Active Member
Posts:21
|
| 03 Feb 2010 6:40 PM |
|
Hi,
In the Page/Tabs module, it seems that when a ‘limited user/group’ creates a new page (Add New Page), that new pages cannot be created on the ‘top level’ hierarchy. Also, pages cannot be created below other ‘top level pages’ unless those ‘top level pages’ have Page Settings: Edit Page permissions enabled for the group or user.
After clicking Add New Page, the Basic Settings page appears, but the only pages that are listed in Parent Page are the ones that have Page Settings: Edit Page permissions enabled (ie. Events page, Admin page - see attached screenshot) even though the site comprises of seven ‘top level’ pages.
Is there any way around this without having to ‘open up’ all pages settings (Page Settings: Edit Page permissions enabled for group/user) I want to avoid opening up the Page permissions as this would also allow the Settings of the Modules on those pages to also be accessed by the user/group?
For more info on module settings, refer to: www.dnncreative.com/Forum/tabid/88/forumid/1/tpage/1/view/topic/postid/22400/Default.aspx
“Page Settings: Do not give anyone edit page permissions or deny permissions
Announcement module settings: give edit permissions just to Content Managers
This will give them access to add announcements and that's all.
If you give a user edit permissions to a page it opens up more settings for them”
Thank you |
|
|
|
|
Lee Sykes
DNN Creative Staff
Nuke Master V
Posts:5302
|
|
sped
DNN Creative Magazine Subscriber
Nuke Active Member
Posts:21
|
| 07 Feb 2010 6:30 PM |
|
I have tested what you recommended but what I’m trying to achieve still doesn’t work.
I am trying to allow a ‘limited group’ (non Admin group) to add pages the website - add ‘top level pages’ and also ‘sub-level pages’, but also without having access to Module settings.
The limited group is labelled “Content Managers”.
Pages within the website do not have Page Settings: Edit Page permissions enabled for the Content Managers group. This is so that the Modules within pages can be limited for the Content Managers group – so Content Managers cannot Edit the Module settings – only add content to the modules.
Refer to screenshot in previous post: When a member of the limited group (Content Managers) creates a new page; after clicking Add New Page, the Basic Settings page appears, but pages are not listed in Parent Page dropdown list and therefore ‘top level pages’ and ‘sub-level pages’ pages cannot be added.
The only way for pages to be listed in the dropdown list is to have Page Settings: Edit Page permissions enabled for Content Managers (ie. Events page, Admin page have permissions enabled so they appear in the list – all other pages do not).
The limited group (Content Managers) cannot add pages to the site unless Page Settings: Edit Page permissions is enabled for pages – this would therefore open up access to the Module Settings on the pages which we are trying to avoid.
Is there any way around this, without allowing all pages to have Page Settings: Edit Page permissions enabled (for the Content Manages group). I want Content Mangers to be able to add new pages, without allowing them to Edit module settings?
More info:
Enabling pages with Page Settings: Edit Page permissions for the Content Mangers group opens up more settings for them and subsequently allows the Content Managers to Edit module settings; which we are trying to avoid. Giving Content Mangers ‘Edit Permissions’ within the Module itself (and not the Page) allows the Content Managers to only add content and not Edit Settings of the module.
“Page Settings: Do not give anyone edit page permissions or deny permissions
Announcement module settings: give edit permissions just to Content Managers
This will give them access to add announcements and that's all.
If you give a user edit permissions to a page it opens up more settings for them”
More info on Modules Settings topic: www.dnncreative.com/Forum/tabid/88/forumid/1/tpage/1/view/topic/postid/22400/Default.aspx
|
|
|
|
|
Jaume
Nuke Newbie
Posts:1
|
| 09 Feb 2010 3:09 AM |
|
Hi,
Did you manage to solve the problem? I'm facing the same issue: users with access to add and manage pages cannot create or assing pages to the parent ‘top level’ hierarchy. They only see already existing pages whichj they have edit access. It seems like they don't have access to the "...‘top level’ hierarchy page".
The only way I've seen to solve this is to give them access to the Tabs module. With the page UP/DOWN arrows they can move the page to the root level.
|
|
|
|
|
Lee Sykes
DNN Creative Staff
Nuke Master V
Posts:5302
|
| 09 Feb 2010 11:43 AM |
|
Hello,
Yes that's the only method I can see to make it work.
Create a Tabs page - give edit permissions to that page only
A user can now create pages (just in that hierarchy)
Once the page is created they can then move it where they require in the menu using the Tabs module
This also limits them from having any other edit page / edit module permissions anywhere else
Of course, one potential problem, is that when a user creates a page, they can assign their own security roles, so they could give themselves full edit permissions to any new page they create
Thanks,
|
|
Lee Sykes
Site Administrator
Subscribe to the website : DotNetNuke Video Tutorials : The Skinning Toolkit : DotNetNuke Podcasts
Twitter: www.twitter.com/leesykes
 |
|
|