Level 3

Issue with Move operation permissions

Forum|Forum|1 year ago
August 23, 2024
3 replies
1903 views

I've created a situation where authors are running into permission issues when trying to move pages under certain conditions.

To manage access, I set up group ACLs that limit author permissions to specific content paths, allowing them to only edit, publish, and perform similar actions within their designated regions. This was achieved by denying jcr:write and crx:replicate at the /content level, while allowing these permissions for their specific regional content paths.

This setup works well until an author needs to move or rename a page within their accessible top-level path. If that page only has references within the author's regions they have access to, the move operation works fine. If that page does have references outside the region they can access, it triggers a "request to move" operation. This happens because the move process attempts to update the references through unpublishing and publishing, which they cannot perform outside of their region. I understand why this is occurring.

While I have some ideas for workarounds, I wanted to check if there’s a simpler solution that I might be overlooking. Please let me know if you need any further details.

pulkitvashisth

Community Advisor

Hi @mmasonwd
The simplest solution would be to give your authors a reference report.

Best part is this will remain disjoint from your current ACL permissions and authors can make use of reference report to identify references before attempting a move so they can either remove or manually adjust references within their permissions.

However this will increase overhead but would help without change current ACL permissions.

Using the report authors can manually update references within their allowed region or request assistance for references outside their control.

M

mmasonWDAuthor

Level 3

Thanks for the suggestion, but I am hoping for a solution that does not require additional assistance from an admin or another user. While this is a good suggestion, we have almost 40 authors and over 3500 pages, so not too feasible for our situation. I wasn't sure if there was some Access Control Entry that could be added/edited that I am overlooking that could solve this issue.

pulkitvashisth

Community Advisor

If you only want to use ACL to achieve the same then one thing you can do is assign specific permissions to a user group that are required for moving pages with references to other non accessible regions, that is I think jcr:write and jcr:modifyProperties permissions for the content path root.
Then you can assign this group temporarily to a regional author group and remove the group when the moving is done.
This can be done using a simple installable permissions package.

kautuk_sahni

Community Manager

@mmasonwd Did you find the suggestion helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!

Kautuk Sahni

M

mmasonWDAuthor

Level 3

Unfortunately there is no correct answer here as it seems the route I was attempting to take and the specific outcomes I needed are not possible.

benhenson

Level 2

Hi, did you ever come up with a viable solution? We are experiencing this same issue, and running into the same wall re: large number of users and directories.

M

mmasonWDAuthor

Level 3

We were not able to discover a solution. Since moving/renaming pages does not happen often, we just live with the fact that sometimes an admin will have to approve a request.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded