Advanced permission issues

I'm trying to lock down a site using advanced permissions, and would appreciate some help.

I've got 2 or 3 sections (pages immediately under the home page) where I want different editors to be responsible for editing that section. So they should be able to add subpages, delete, approve, etc.

I can do this by having the main section pages set with 'Manual' permission with access to the correct group. I've then set subpages added beneath this page to 'inherit the permissions of this page'. This seems to work great, and as new pages are created within the section they're automatically restricted to the correct editor.

However, every page also has an auto-nav block for the header and sidebar, which I don't want the editors being able to edit (or delete!), and this is where it's getting confusing. I've gone in to the 'default' pagetype, and set the permissions on the header and sidebar areas to read-only for every group we have.

I can't work out how to pick up these permissions though. If I get a page within a section to inherit permissions from the parent page, I get the correct group-editing rights for the page, but the editor can then edit the autonav block. Alternatively, it seems that if I get the page to inherit from the default pagetype, then I think I get the header and sidebar areas as uneditable, but then the editor access to the page is wrong because it's not inheriting this from the parent page.

Is this a supported setup and am I just doing something wrong, or is this not possible? I didn't switch from simple to advanced permissions at the very start of the project (this is my first c5 site), so is this causing the problem and is there any way round it?

Sorry for the long post!

 
frz replied:
A few thoughts:

1) yes what you're talking about is totally possible.

2) yes, it's possible that putting a site in advanced permissions mode AFTER making content and changing things around in simple permissions mode will cause some funky behavior that has to be cleaned up by hand..

3) yes, I would set this up as you are.. use manual set at the root spots you want to tie down to groups.. if you go to defaults and edit the actual permissions for that specific autonav block, you should be able to lock it down while still giving admins rights to edit everything else.

cmbt replied:
Many thanks for the reply. When you talk about cleaning up the permissions by hand (I've seen this in a couple of other posts as well), how do I do this? Is there a SQL query that I can run against the database to reset everything, or something in the dashboard, or do I need to delete and recreate all the pages?

After this, I'm a bit confused about 3). I understand this as I should be setting up the subsection pages to inherit permissions from the root spots? Will these pages still pick up the permissions from the default pagetype though?

frz replied:
no there isn't a clear permissions routine, or at least that's what we try to do when changing to advanced mode.. it just isn't always perfect so some tweaking is sometimes needed.. that shouldn't mean deleting everything though..

advanced permissions can run in several ways, they can be set on a page specific level, inherit from where you are on the tree, or inherit from the page type.