Discussions
Categories
Groups
Community Home
Categories
INTERNAL ENABLEMENT
POPULAR
THRUST SERVICES & TOOLS
CLOUD EDITIONS
Quick Links
MY LINKS
HELPFUL TIPS
Back to website
Home
Web CMS (TeamSite)
Struggling with permissions
g_sal
Hi,
[T6.5, Win2k3]
I'm trying to learn how to setup permissions in TeamSite. I'm fairly new with the platform. I understand if I want to restrict users' behaviour in a workarea I can set OS permissions on the files and directories. So what I'm trying to do is prevent authors from deleting important folders like htdocs and templatedata.
The workarea is shared by a group I'll call GroupA and is owned by editor Jack. I've removed the Allow Delete permission for GroupA in the OS and then submitted to staging. I expected the delete option under the File menu to be disabled for any author in GroupA but I am still able to delete the htdocs directory. I just don't understand what I'm missing.
When I did further research in the Admin book, I noticed that authors are not supposed to have delete permissions for directories by default but this isn't my case. Can anyone help me with this permissions nightmare?
Find more posts tagged with
Comments
Adam Stoller
Unfortunately, I don't believe the mechanics are as simple as one would wish.
I'm not sure about Authors having/not having the ability to use the Delete menu option (on files or directories) - but what you'll probably have to do is familarize yourself with the UI Toolkit (UITK) and either disable the menu option for Authors (which, unfortunately, means replacing the OOTB menu item with a custom menu item calling the same directive - but allowing you to use the roles_custom.xml file to limit who has access to it) - or, probably better, replace the OOTB menu item with your own custom script - which, if run with the iw_cgi_wrapper.cgi should allow you to determine the user's current role and group and determine whether they have access to the selected files and/or directories to allow deletions to go through.
I would not consider this an entry-level customization -- you will probably need to spend quite a bit of time reading the manuals and searching the forums, and going through trial-and-error debugging in order to get it to work right. Alternatively, hire a knowledgeable consultant to come in, do it, and document thoroughly what they did.
You *might* be able to avoid the consultant via (a) Support [unlikely, as this is a customization] or (b) someone else here in the forums willing to walk you through the process -- as I haven't had to deal with this situation, I don't have ready-made code to walk you through - so it will have to be someone else.
--fish
Senior Consultant, Quotient Inc.
http://www.quotient-inc.com
g_sal
Thanks for the info Ghoti,
You would think that such functionality would be basic. If folders like htdocs and templatedata are so essential for TeamSite, why on earth should it be so simple to delete them by authors who have no technical know how at all? That's a real security hole in my eyes. I'm left wondering what good are the permissions in Windows?
If there's no straight forward way to disable the delete command, is there any other way I can secure these folders from author manipulation? Perhaps through workflow? Is anyone currently implementing some scheme that protects their important directories?
smenon
In TS 6.7 when we provide you the option to create configurable roles, you should be able to create a modified "author" role where delete files or delete fodlers is disabled. Also, you will be able to set and modify file and folder permissions from the ContentCenter UI if you have the privilege to do so.
--Sunil Menon
Sr. Product Manager
Interwoven, Inc.
