Quote from: BobRay at Jan 07, 2011, 07:05 AM
Bear in mind that tree_root_id doesn’t really protect the resources. It’s fine for naive users who can be trusted, but if a user can guess the correct URL for editing a resource in the Manager, they can still do it.
Yeah I don’t think I’m going to do that.
OK so I think I got it working after much toil, blow by blow account below.
1. I created a new Resource Group called "Developer Resources".
2. To this I added all the resources with snippets that I wanted to hide from my client.
3. I now created a new Role in Security -> Access Controls -> Roles [I called it "Editor" and gave it a priv of 1]
4. I created a new User Group called "Client Editor" in Security -> Access Controls -> User Groups
5. I now created a new User in Security -> Manage Users -> Add User. I added this user to the user group "Client Editor" with a Role of "Editor"
6. I now edited the User Group called "Client Editor" created in step 4.
7. In Users tab I added the user I created in step [5]
8. In Context Access I setup the following:
Context: mgr | Minimum Role: Editor | Access Policy: Content Editor (ensures this guy can login to manager)
Context: web | Minimum Role: Editor | Access Policy: Content Editor
9. In Resource Group Access I setup:
Resource Group: Developer Resources | Minimum Role: Editor | Access Policy: Load Only | Context: mgr (means this guys cannot see these docs in mgr context....which is what I want)
Resource Group: Developer Resources | Minimum Role: Editor | Access Policy: Load Only | Context: web
10. Save
Still with me....
11. Edit the Administrator User Group now.
12. In Resource Group Access add the following:
Resource Group: Developer Resources | Minimum Role: Super User | Access Policy: Resource | Context: mgr (means this guys can see these docs in mgr context, and still edit etc)
Resource Group: Developer Resources | Minimum Role: Super User| Access Policy: Resource | Context: web
13. Save and then Flush permissions.
DONE!! I now have an admin user who can see everything, and an Editor user who sees all documents but the ones I hide from them in my "Developer Resources" group.
I’m off to get a coffee
I think the thing that did not sit well in my head was the fact the admin can hide documents from themselves, this to me seems very odd (I am the admin after all) I make the rules!!!
Thanks guys for replying to this thread!