Hippo 7.6 Security Domain and permissions.

M Nair
CONTENTS DELETED
The author has deleted this message.

Re: Hippo 7.6 Security Domain and permissions.

Bartosz Oudekerk
Administrator
On 07/06/11 02:02, M Nair wrote:
> On the permissions tab
>
> 1) The "securitydomain" seems to be limited. I mean I cannot add any new
> security domain, correct ?

Correct in that it's not possible using the CMS, you'll have to use the
console.

> 2) I need more granularity in setting up my permissions. Let's say I create a new
> documenttype say "addoctype". I want to restrict all edits to documents of this
> type to the ad group. Can I do that? If so how granular can I go..

Yes you can, see this wiki page:
https://wiki.onehippo.com/display/CMS7/Repository+Authorization+and+Permissions

Kind regards,
--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
http://www.onehippo.com/
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html

Re: Hippo 7.6 Security Domain and permissions.

M Nair
CONTENTS DELETED
The author has deleted this message.

Re: Hippo 7.6 Security Domain and permissions.

Mathijs Brand
Hi,

> My question is how do I restrict these users to only the NEWSDOCUMENT type
> by restricting the new securitydomain to NEWSDOCUMENT .

Usually you choose a folder with news documents and you make sure
editors can only make news-folders and folder documents in that folder
[1]. You can then make a group that can only access the news folder
[2].

What you want is also possible like so I think:

<?xml version="1.0" encoding="UTF-8"?>
<sv:node sv:name="type-newsdocument" xmlns:sv="http://www.jcp.org/jcr/sv/1.0">
  <sv:property sv:name="jcr:primaryType" sv:type="Name">
    <sv:value>hipposys:facetrule</sv:value>
  </sv:property>
  <sv:property sv:name="hipposys:equals" sv:type="Boolean">
    <sv:value>true</sv:value>
  </sv:property>
  <sv:property sv:name="hipposys:facet" sv:type="String">
    <sv:value>jcr:primaryType</sv:value>
  </sv:property>
  <sv:property sv:name="hipposys:filter" sv:type="Boolean">
    <sv:value>false</sv:value>
  </sv:property>
  <sv:property sv:name="hipposys:type" sv:type="String">
    <sv:value>Name</sv:value>
  </sv:property>
  <sv:property sv:name="hipposys:value" sv:type="String">
    <sv:value>yournamespace:newsdocument</sv:value>
  </sv:property>
</sv:node>

However, I could be missing a step here, because I haven't had the
time to completely check it. If you need it, maybe Bartosz or someone
else can fill in the gap.

1: http://www.onehippo.org/cms7/documentation/development/plugin-development/user+interface/document+types+in+folder.html
2: https://wiki.onehippo.com/display/CMS7/Set+permissions+on+folders

Kind regards,
Mathijs Brand

On Tue, Jun 7, 2011 at 5:22 PM, M Nair <[hidden email]> wrote:

> Thanks Bartosz for the link.
> So this is what I did..
> 1) I created 2 new users and 2 new groups. Added one user in one group and
> the other user in the other group.
>    Group1 has User1.
>    Group2 has User2.
> 2) I created a new security domain called 'customdocuments'
> as /hippo:configuration/hippo:domains/customdocuments and the exported node
> xml is attached in this email. This is similar to the "hippodocuments"
> domain.
> 3) Went to permissions tab and added EDITOR role to USER 1 and AUTHOR role
> to USER 2 for the new domain 'customdocuments'.
> 4) Logged in as USER1 and USER2 and found that they do have correct access
> roles for all the documents ..Editor role allows USER1 to edit and then
> publish .. Author role allows USER2 to edit but NOT publish..
> So far so good..
> My question is how do I restrict these users to only the NEWSDOCUMENT type
> by restricting the new securitydomain to NEWSDOCUMENT .
> Thanks

Re: Hippo 7.6 Security Domain and permissions.

M Nair
CONTENTS DELETED
The author has deleted this message.

Re: Hippo 7.6 Security Domain and permissions.

Bartosz Oudekerk
Administrator
On 09/06/11 01:59, M Nair wrote:
> Mathijs
>
> I tried the change you mentioned below and it did not work.
>
> I have attached 3 xmls which can be imported for hippo:domain, hippo:users.
> hippo:groups . If someone can import these in their hippo instance and let me
> know why user "play" cannot see the myhippoproject folder under documents that
> would be great.. password for user "play" is "playpass".

I would guess that your user does not have read access to the parent
nodes /content & /content/documents. You'll need to create a second
security domain for that. See the links Mathijs provided.

BTW, a tip is to use the repository servlet when configuring domains,
it'll save you the trouble of logging out and back in after every
change.

Kind regards,
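
The diagnosis above, as an added example that is not part of the original thread and not Hippo's own code: it reads the facet rule Mathijs posted from a system-view export and checks which nodes on the way to a news document the rule does not cover. The wrapper node "news-only", its hipposys:domainrule type, and the paths and node types in NODES are constructed assumptions; the matching is a simplified model (every facet rule must hold) that ignores hipposys:filter and hipposys:type.

```python
import xml.etree.ElementTree as ET

SV = "{http://www.jcp.org/jcr/sv/1.0}"

# Constructed sample: the facet rule from the thread inside a hypothetical
# domain rule node named "news-only" (name and wrapper type are assumptions).
EXPORT = """\
<sv:node sv:name="news-only" xmlns:sv="http://www.jcp.org/jcr/sv/1.0">
  <sv:property sv:name="jcr:primaryType" sv:type="Name"><sv:value>hipposys:domainrule</sv:value></sv:property>
  <sv:node sv:name="type-newsdocument">
    <sv:property sv:name="jcr:primaryType" sv:type="Name"><sv:value>hipposys:facetrule</sv:value></sv:property>
    <sv:property sv:name="hipposys:equals" sv:type="Boolean"><sv:value>true</sv:value></sv:property>
    <sv:property sv:name="hipposys:facet" sv:type="String"><sv:value>jcr:primaryType</sv:value></sv:property>
    <sv:property sv:name="hipposys:value" sv:type="String"><sv:value>yournamespace:newsdocument</sv:value></sv:property>
  </sv:node>
</sv:node>"""

# Constructed repository nodes (path -> properties); the types are placeholders.
DOC = "/content/documents/myhippoproject/news-item"
NODES = {
    "/content": {"jcr:primaryType": "hippostd:folder"},
    "/content/documents": {"jcr:primaryType": "hippostd:folder"},
    "/content/documents/myhippoproject": {"jcr:primaryType": "hippostd:folder"},
    DOC: {"jcr:primaryType": "yournamespace:newsdocument"},
}

def props(node):
    """Map property name -> first value for one sv:node."""
    return {p.get(SV + "name"): p.findtext(SV + "value")
            for p in node.findall(SV + "property")}

def facet_rules(xml_text):
    """Return (facet, value, equals) for every hipposys:facetrule in the export."""
    rules = []
    for node in ET.fromstring(xml_text).iter(SV + "node"):
        p = props(node)
        if p.get("jcr:primaryType") == "hipposys:facetrule":
            rules.append((p["hipposys:facet"], p["hipposys:value"],
                          p.get("hipposys:equals", "true") == "true"))
    return rules

def covered(node_props, rules):
    """Simplified model: the node is in the domain only if every facet rule holds."""
    return all((node_props.get(f) == v) == eq for f, v, eq in rules)

def uncovered_ancestors(path, rules, nodes):
    """Ancestors of path that the rules do not match, so the role cannot read them."""
    parts = path.strip("/").split("/")
    ancestors = ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]
    return [a for a in ancestors if a in nodes and not covered(nodes[a], rules)]
```
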

Re: Hippo 7.6 Security Domain and permissions.

b.vanderschans@onehippo.com
On Thu, Jun 9, 2011 at 10:45 AM, Bartosz Oudekerk
<[hidden email]> wrote:

> On 09/06/11 01:59, M Nair wrote:
>>
>> Mathijs
>>
>> I tried the change you mentioned below and it did not work.
>>
>> I have attached 3 xmls which can be imported for hippo:domain, hippo:users.
>> hippo:groups . If someone can import these in their hippo instance and let me
>> know why user "play" cannot see the myhippoproject folder under documents that
>> would be great.. password for user "play" is "playpass".
>
> I would guess that your user does not have read access to the parent
> nodes /content & /content/documents. You'll need to create a second
> security domain for that. See the links Mathijs provided.
>
> BTW, a tip is to use the repository servlet when configuring domains,
> it'll save you the trouble of logging out and back in after every
> change.

You can find some more tips at:

https://wiki.onehippo.com/display/CMS7/Repository+Authorization+and+Permissions#RepositoryAuthorizationandPermissions-Tipswhencreatingyourownsecuritydomains

Regards,
Bart

Re: Hippo 7.6 Security Domain and permissions.

M Nair
CONTENTS DELETED
The author has deleted this message.