Content-Author Permissions | Community
Skip to main content
nicholas_carn
nicholas_carn
October 16, 2015
Solved

Content-Author Permissions

  • October 16, 2015
  • 7 replies
  • 2160 views

Hello there,

I have read the docs below regarding user admin and security but they seem a bit thin of real use case examples.  I would like to remove admin access from my user and only allow them content-authoring access.  However if i do so they cannot edit the page - it is blank, no sidekick, nothing.  Am i missing something obvious?

Many thanks,

Nick

http://dev.day.com/docs/en/cq/current/administering/security.html

http://dev.day.com/docs/en/cq/current/core/administering/user_group_ac_admin.html#How%20Access%20Rights%20are%20Evaluated

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
    Best answer by PaulMcMahon

    I would recommend that you take a look at the access.log and see what path is generating a 404. Then go take a look at the user in question and see if you can see which group is causing a restriction to that path. 

    One of the things that the LDAP connector will do is automatically add groups to users - its possible if the LDAP connector is adding a new group to your LDAP users that group might have deny permissions on it that are overriding the standard group permissions. 

    Even if that's not it the LDAP connector itself is unlikely to causing this, either permissions of the existing groups have been changed some how, or the LDAP connector is adding groups to the users and those groups are overriding the standard groups. So I would look at the users in question and verify that their group assignments are unchanged and that they still have all the right groups and don't have any new groups. 

    7 replies

    P
    PaulMcMahon
    Level 8
    October 16, 2015

    So are you talking about changing the user's group assignments? When you removed the administrator group did you replace it with another group (like contributor)? If you want the user to be able to edit a page they have to be a member of at least one group that has read and modify permissions for the page in question.  

      nicholas_carn
      nicholas_carnAuthor
      October 16, 2015

      Thanks for replying.

      Yes group assignments.  The user is a member of contributors and authors which have read and modify permissions to the content/website folder and subfolders. When i login the siteadmin page is blank and if i go to http:/localhost:4502/cf#/content/site it too is blank.  However if i login as admin both these pages are displayed.  Do permissions need to be applied anywhere else?  I am only using the geometrixx website.  Thanks again.

      Scott_Brodersen
      Scott_Brodersen
      Level 8
      October 16, 2015

      The author also needs to have access to the application bits that render the content for authoring, so that means all the geometrixx apps, page components, etc, also the website admin app under /libs....

       

      scott

      nicholas_carn
      nicholas_carnAuthor
      October 16, 2015

      Thanks Scott.

      Could you be more specific with regard to the dir locations?

      It seems that the problem starts when i enabled ldap logins.  Since then the existing author/contributor groups don't work as they did beforehand.  Any ideas? 

      P
      PaulMcMahonAccepted solution
      Level 8
      October 16, 2015

      I would recommend that you take a look at the access.log and see what path is generating a 404. Then go take a look at the user in question and see if you can see which group is causing a restriction to that path. 

      One of the things that the LDAP connector will do is automatically add groups to users - its possible if the LDAP connector is adding a new group to your LDAP users that group might have deny permissions on it that are overriding the standard group permissions. 

      Even if that's not it the LDAP connector itself is unlikely to causing this, either permissions of the existing groups have been changed some how, or the LDAP connector is adding groups to the users and those groups are overriding the standard groups. So I would look at the users in question and verify that their group assignments are unchanged and that they still have all the right groups and don't have any new groups. 

      Scott_Brodersen
      Scott_Brodersen
      Level 8
      October 16, 2015

      I'm not familiar with LDAP integration so I won't be able to help much, except to do the obvious and point you to the LDAP docs:

      https://dev.day.com/docs/en/cq/current/core/administering/ldap_authentication.html#Setting%20Access%20Rights

       

      scott

      nicholas_carn
      nicholas_carnAuthor
      October 16, 2015

      Thanks for the response.  The user is a member of content-authors and when i access http://usb-aemaut01:4502/cf#/content/geometrixx-outdoors/en.html  i see a load of 304 reponses.  Apart from at the end where there is a 404 on a security node.

      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/security/userinfo.json?cq_ck=1378991255127 HTTP/1.1" 404 1435 "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"

      I'm a bit stumped really.  This is all out of the box stuff apart from the ldap enabled service.

      Any help much appreciated.

      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /cf HTTP/1.1" 200 58091 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/granite/clientlibrarymanager.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/foundation/jquery.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/granite/jquery.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/foundation/shared.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/granite/jquery/granite.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/granite/utils.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/ui/rte.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/ui/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/searchpromote/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/tagging/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/security/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/mcm/emailservice-clientlib.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/personalization/audiencemanager/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/cloudserviceconfigs/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/dam/components/scene7/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/media/publishing/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/granite/jquery-ui.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/foundation/personalization/jcarousel.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/granite/underscore.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/foundation/personalization/kernel.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/foundation/personalization/select2.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/foundation/personalization/ui.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/personalization/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/analytics/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/security/widgets/themes/default.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/ui/widgets/themes/default.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/tagging/widgets/themes/default.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/commerce/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/security/userinfo.json?cq_ck=1378991255127 HTTP/1.1" 404 1435 "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
      10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/i18n/dict.en.json HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"

      Terms & ConditionsAccessibility statement

      Loading footer...