Hello there,
I have read the docs below regarding user admin and security but they seem a bit thin of real use case examples. I would like to remove admin access from my user and only allow them content-authoring access. However if i do so they cannot edit the page - it is blank, no sidekick, nothing. Am i missing something obvious?
Many thanks,
Nick
http://dev.day.com/docs/en/cq/current/administering/security.html
Solved! Go to Solution.
I would recommend that you take a look at the access.log and see what path is generating a 404. Then go take a look at the user in question and see if you can see which group is causing a restriction to that path.
One of the things that the LDAP connector will do is automatically add groups to users - its possible if the LDAP connector is adding a new group to your LDAP users that group might have deny permissions on it that are overriding the standard group permissions.
Even if that's not it the LDAP connector itself is unlikely to causing this, either permissions of the existing groups have been changed some how, or the LDAP connector is adding groups to the users and those groups are overriding the standard groups. So I would look at the users in question and verify that their group assignments are unchanged and that they still have all the right groups and don't have any new groups.
Views
Replies
Total Likes
So are you talking about changing the user's group assignments? When you removed the administrator group did you replace it with another group (like contributor)? If you want the user to be able to edit a page they have to be a member of at least one group that has read and modify permissions for the page in question.
Thanks for replying.
Yes group assignments. The user is a member of contributors and authors which have read and modify permissions to the content/website folder and subfolders. When i login the siteadmin page is blank and if i go to http:/localhost:4502/cf#/content/site it too is blank. However if i login as admin both these pages are displayed. Do permissions need to be applied anywhere else? I am only using the geometrixx website. Thanks again.
Views
Replies
Total Likes
The author also needs to have access to the application bits that render the content for authoring, so that means all the geometrixx apps, page components, etc, also the website admin app under /libs....
scott
Views
Replies
Total Likes
Thanks Scott.
Could you be more specific with regard to the dir locations?
It seems that the problem starts when i enabled ldap logins. Since then the existing author/contributor groups don't work as they did beforehand. Any ideas?
Views
Replies
Total Likes
I would recommend that you take a look at the access.log and see what path is generating a 404. Then go take a look at the user in question and see if you can see which group is causing a restriction to that path.
One of the things that the LDAP connector will do is automatically add groups to users - its possible if the LDAP connector is adding a new group to your LDAP users that group might have deny permissions on it that are overriding the standard group permissions.
Even if that's not it the LDAP connector itself is unlikely to causing this, either permissions of the existing groups have been changed some how, or the LDAP connector is adding groups to the users and those groups are overriding the standard groups. So I would look at the users in question and verify that their group assignments are unchanged and that they still have all the right groups and don't have any new groups.
Views
Replies
Total Likes
I'm not familiar with LDAP integration so I won't be able to help much, except to do the obvious and point you to the LDAP docs:
scott
Views
Replies
Total Likes
Thanks for the response. The user is a member of content-authors and when i access http://usb-aemaut01:4502/cf#/content/geometrixx-outdoors/en.html i see a load of 304 reponses. Apart from at the end where there is a 404 on a security node.
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/security/userinfo.json?cq_ck=1378991255127 HTTP/1.1" 404 1435 "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
I'm a bit stumped really. This is all out of the box stuff apart from the ldap enabled service.
Any help much appreciated.
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /cf HTTP/1.1" 200 58091 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/granite/clientlibrarymanager.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/foundation/jquery.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/granite/jquery.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/foundation/shared.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/granite/jquery/granite.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/granite/utils.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/ui/rte.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/ui/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/searchpromote/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/tagging/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/security/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/mcm/emailservice-clientlib.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/personalization/audiencemanager/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/cloudserviceconfigs/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/dam/components/scene7/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/media/publishing/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/granite/jquery-ui.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/foundation/personalization/jcarousel.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/granite/underscore.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/foundation/personalization/kernel.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/foundation/personalization/select2.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /etc/clientlibs/foundation/personalization/ui.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/personalization/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/analytics/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/security/widgets/themes/default.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/ui/widgets/themes/default.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/tagging/widgets/themes/default.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/commerce/widgets.js HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/security/userinfo.json?cq_ck=1378991255127 HTTP/1.1" 404 1435 "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
10.24.206.76 - nicholas.carn 12/Sep/2013:09:07:34 -0400 "GET /libs/cq/i18n/dict.en.json HTTP/1.1" 304 - "http://usb-aemaut01:4502/cf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
Views
Replies
Total Likes