Department level permission scheme

Mark Orciuch

Jan 25, 2021, 1:59:59 PM
to dotCMS User Group
Hello,

I am looking for a training video or how-to document that would help me create a permission scheme for departments. Assume that there's a content type called Department with relations to employees, address, news, events, etc.

I would like to be able to create a role(s) with permission to:

1. Grant access to a specific folder (department root folder)
2. Grant access to specific categories/tags
3. Grant access to specific content type instances (for example, specific department content type and any related objects) 

Many thanks in advance for any pointers or advice.

Stefan Schinkel

Jan 25, 2021, 2:02:39 PM
to dot...@googlegroups.com
Mark
This would be a great video to start: https://dotcms.com/videos/permissions-and-roles-in-dotcms

Best

Stefan 

Stefan Schinkel


200 Portland Street, Suite 3.158
Boston MA 02114

Mark Orciuch

Jan 25, 2021, 3:59:13 PM
to dotCMS User Group
Thanks, Stefan. This looks exactly like what I'm looking for. I was looking at the training courses and only found a basic permissions course. I don't know how I missed this one. 

Mark Orciuch

Jan 25, 2021, 5:32:40 PM
to dotCMS User Group
So I created a security role for one of the departments and all is working as expected except that I am unable to give the role the ability to create new instances of a specific content type (Event in this case). I have Add Children checked for the All Sites but the Add To is not available in Event permissions. What am I missing? Many thanks in advance.

Image 12.png
Image 13.png

Mark Orciuch

Jan 25, 2021, 6:45:50 PM
to dotCMS User Group
Never mind. I had to check "Add to" for my role at the host level.

Mark Orciuch

Feb 19, 2021, 7:55:44 PM
to dotCMS User Group
Is there an inheritance hierarchy in permissions? In the example below, does "Homeland Security" inherit permissions from the "Department User"? Many thanks in advance.

Image 11.png

Nathan Keiter

Feb 19, 2021, 9:03:35 PM
to dot...@googlegroups.com
Probably... but I'm not sure if it's recommended.


I know for sure that the child roles inherit the "tools" from the parent.


We assign child roles to root level folders on the site. (Everything under that folder they inherit permissions for.)


http://www.example.com/homeland-security/

http://www.example.com/human-resources/


I think it's easier to manage child role permissions at the folder level.


Our parent root role has no permissions set, and no users, just tools.


Nathan I. Keiter | Lead Network Applications Programmer | I.D.E.A Council Member
Gettysburg College | Information Technology | DataSystems
Campus Box 2453 | 300 North Washington Street | Gettysburg, PA 17325
Phone: 717.337.6993
https://www.gettysburg.edu

Mark Orciuch

Feb 20, 2021, 2:43:51 PM
to dotCMS User Group
Hi Nathan,

Thanks for the information. From my experimentation so far, it does NOT look like the child role inherits permissions from the parent role. Perhaps I am wrong.

I have close to 200 departments and it would be nice for the parent role to have all the common permissions for the templates, containers, etc. and for the department roles to have permissions for the owned resources only (like folders and content).

It seems that I can achieve what I want by granting all department users the parent role and also the department role. I hope this makes sense.

Mark Orciuch

Feb 22, 2021, 5:10:12 PM
to dotCMS User Group
Hello,

Still related to the department level permission scheme, I have run into this issue. I am trying to grant permissions for a role to use some custom content type. I have granted identical permissions to "Generic Department User" role for 2 custom content types: News and Website Feedback. However, when I look at permissions inherited by the instances of these content types, they are different.

In case of News, I see "Getting permissions from parent: prod-lakecounty-upgrade.dotcmscloud.com" (a host?)

In case of Website Feedback, I see "Getting permissions from parent: Website Feedback" (expected).

What am I missing here? Many thanks in advance.

news.png
website feedback.png

Nathan Keiter

Feb 22, 2021, 5:19:16 PM
to dot...@googlegroups.com
Did the content exist prior to the permissions change? If so you may need to cascade the changes.


Is this new content? Sometimes the UI is bugged. If you click "Permission Individually" it should reveal the true permissions on that content.

Mark Orciuch

Feb 22, 2021, 5:28:33 PM
to dotCMS User Group
Hi Nathan,

Yes, the content did exist before the permission change and I did cascade the changes. The same thing happens with the newly created content.

I have just reset permissions for the News content type and it still says "Getting permissions from parent: prod-lakecounty-upgrade.dotcmscloud.com".

I just re-created the permission at the content type level with the same result.

Nathan Keiter

Feb 22, 2021, 5:32:59 PM
to dotCMS User Group
If you click "Permission Individually" what does it say?

Mark Orciuch

Feb 22, 2021, 5:39:51 PM
to dotCMS User Group
On News Content Permissions tab, clicking "Permission Individually" reveals Add Role / Add User drop downs.

On the News Content Type Permissions tab, "Permission Individually" is not available until I click RESET PERMISSIONS. After clicking RESET PERMISSIONS, I get Getting permissions from parent: prod-lakecounty-upgrade.dotcmscloud.com

Nathan Keiter

Feb 22, 2021, 5:42:15 PM
to dot...@googlegroups.com
Yeah, I meant on content.


Does the listing change to what you had expected or does it stay the same?

Mark Orciuch

Feb 22, 2021, 5:51:19 PM
to dotCMS User Group
If I change it at the content level, it works as expected. But I shouldn't have to do that. 

Perhaps I am mistaken but I would expect the newly created content to inherit from the content type permissions.

Nathan Keiter

Feb 22, 2021, 6:10:18 PM
to dot...@googlegroups.com
What I'm trying to describe is a display bug where:


1. The permissions are correct, but you don't see them correctly in "inheritance" mode.

2. You can see the correct permissions when you click "Permission Individually".


It's a known issue on some versions.


If you are not seeing this bug, I'm not sure what to tell you. Yes, you shouldn't have to set permissions individually.

Mark Orciuch

Feb 22, 2021, 6:16:28 PM
to dotCMS User Group
Hi Nathan,

I understand but I don't think that my version [5.3.8.2] is affected by this bug. Thanks for your efforts.

Mark Pitely

Feb 23, 2021, 9:17:54 AM
to dot...@googlegroups.com
Our Permission setup is exactly backwards of what you seem to be describing. Ours goes Child->Parent, rather than Parent->Child (which is what you would expect from, say, OOP/C#) as far as inheritance goes.
So it is more "Boss -> Employee", if you will.
I could be wrong - permissions are one of the things I tried to avoid!
But what we have is something that mimics our business structure, we also break down the permissions into different pieces.
 A typical user would have several permissions like this:
All Content -> Academic Content -> College of Health -> Nursing -> Nursing Work Study.  (Pages and folder permissions, in this case, the Dean's Secretary would get College of Health, and our Marketing Content Director would get the All Content, but not, say, Administrator, and should, in theory have access to every page without us ever setting permissions for them to have it, but getting them from all the roles below.)
CMS Users -> CMS User (CMS Tabs access, generic things)
All Templates -> Normal Template (Access to the normal template)
All Templates -> Homepage Template (Access to the fancy template for landing pages)

In this case, you'd be setting only 'Nursing Work Study' in the first instance. 


We build up, so 'All Content' inherits everything underneath, with the tiniest and fewest permissions being the final child.


Mark Pitely
Marywood University
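
A small model of the child-to-parent role inheritance described in this thread, added here as an illustration; it is not dotCMS code and not part of any poster's message. The `RoleTree` class, the permission labels and the grants are constructed for the example; the role names and folder paths come from the posts above. It also lists every role that ends up holding a grant, which is the thing to review before assigning a parent role to users.

```python
from collections import defaultdict


class RoleTree:
    """Role hierarchy in which a role also holds every grant of the roles beneath it."""

    def __init__(self):
        self.children = defaultdict(set)  # role -> direct child roles
        self.parent = {}                  # role -> parent role
        self.grants = defaultdict(set)    # role -> {(asset, permission)}

    def add_chain(self, *roles):
        """Register roles listed from the top-level parent down to the final child."""
        for parent, child in zip(roles, roles[1:]):
            if self.parent.get(child, parent) != parent:
                raise ValueError(f"{child!r} already has a different parent")
            self.parent[child] = parent
            self.children[parent].add(child)

    def grant(self, role, asset, permission):
        self.grants[role].add((asset, permission))

    def effective_grants(self, role):
        """Own grants plus the grants of all descendants (child -> parent flow)."""
        seen, stack, result = set(), [role], set()
        while stack:
            current = stack.pop()
            if current in seen:  # guards against an accidental cycle
                continue
            seen.add(current)
            result |= self.grants.get(current, set())
            stack.extend(self.children.get(current, ()))
        return result

    def user_can(self, user_roles, asset, permission):
        """True if any role assigned to the user effectively holds the grant."""
        return any((asset, permission) in self.effective_grants(r) for r in user_roles)

    def roles_with_access(self, asset, permission):
        """Audit view: every role holding this grant, directly or via a descendant."""
        all_roles = set(self.parent) | set(self.children) | set(self.grants)
        return sorted(r for r in all_roles
                      if (asset, permission) in self.effective_grants(r))


def build_example():
    """Constructed sample data using the role names mentioned in the thread."""
    tree = RoleTree()
    tree.add_chain("All Content", "Academic Content", "College of Health",
                   "Nursing", "Nursing Work Study")
    tree.add_chain("Department User", "Homeland Security")
    tree.add_chain("Department User", "Human Resources")
    # Constructed grants; "view" and "edit" are illustrative labels only.
    tree.grant("Nursing Work Study", "/nursing/work-study/", "edit")
    tree.grant("Department User", "Normal Template", "view")
    tree.grant("Homeland Security", "/homeland-security/", "edit")
    tree.grant("Human Resources", "/human-resources/", "edit")
    return tree


if __name__ == "__main__":
    tree = build_example()
    # A role higher in the chain picks up the grant set on the final child.
    print(tree.user_can(["College of Health"], "/nursing/work-study/", "edit"))
    # A child role alone does not pick up what was granted to its parent.
    print(tree.user_can(["Homeland Security"], "Normal Template", "view"))
    # Holding both roles covers the shared template and the department folder.
    print(tree.user_can(["Homeland Security", "Department User"],
                        "Normal Template", "view"))
    # In this model the parent role also reaches every other department's folder.
    print(tree.user_can(["Department User"], "/human-resources/", "edit"))
    print(tree.roles_with_access("/nursing/work-study/", "edit"))
```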

Mark Orciuch

Feb 23, 2021, 12:07:15 PM
to dotCMS User Group
Hi Mark,

Yes, this makes sense now. I have to change the way I think about inheritance in this case (and pay more attention to the docs). Thanks again!
