We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 40122
    • 330 Posts
    I have 3 Resource groups with different users and resources in each. However, all these resources can be accessed publically by anyone regardless if they are logged into any user group.

    I followed the instructions here http://rtfm.modx.com/revolution/2.x/administering-your-site/security/security-tutorials/making-member-only-pages but am not sure what I did wrong.

    Heres what I have:

    I first created a new User Group with context: web and I checked the 'Create Parallel Resource Group' check box.

    I then went to Content>>Resource Groups and dragged the pages I wanted protected into it.



    I then went to Mange>>Users and added the users I wanted to be able to view these resources to the corresponding User Group. I gave them the Role of Members.



    I then Flushed Permissions and Cleared the Cache.

    But if I paste the URL of any of the protected pages in another browser or incognito mode I can still access the pages.

    Same if I am logged in as a user who is not part of that group.

    I'm not sure what I have done wrong. Can anyone help me out?

    (Sorry, I can find where to find the version number of this version of ModX but it is probably the latest)



    UPDATE:

    I found this page http://rtfm.modx.com/revolution/2.x/administering-your-site/security/resource-groups saying I had to uncheck the resources from being Public Pages but when I look on the Resource Group tab there is no Public Page option there:

    This question has been answered by donshakespeare. See the first response.

    [ed. note: meltingdog last edited this post 9 years ago.]
    • discuss.answer
      • 42562
      • 1,145 Posts
      donshakespeare Reply #2, 9 years ago
      Assuming your User Groups have the right permission (load,list,view +)
      Go to your /manager/?a=security/permission
      Right click/update the Anonymous User Group

      Make sure this group has load only in the Context Access tab
      Make sure this group has load only in the Resource Group Access tab
        TinymceWrapper: Complete back/frontend content solution.
        Harden your MODX site by passwording your three main folders: core, manager, connectors and renaming your assets (thank me later!)
        5 ways to sniff / hack your own sites; even with renamed/hidden folders, burst them all up, to see how secure you are not.
        • 3749
        • 24,544 Posts
        Don't forget to flush permissions *and* sessions before testing.
          Did I help you? Buy me a beer
          Get my Book: MODX:The Official Guide
          MODX info for everyone: http://bobsguides.com/modx.html
          My MODX Extras
          Bob's Guides is now hosted at A2 MODX Hosting
          • 40122
          • 330 Posts
          Quote from: donshakespeare at Mar 18, 2015, 07:25 PM
          Assuming your User Groups have the right permission (load,list,view +)

          Thanks Donshakespeare.

          The issue was I had set the User Group's Permission's Access Policy to 'Context' rather than 'Load, List and View'
            • 42562
            • 1,145 Posts
            donshakespeare Reply #5, 9 years ago
            Glad that pesky permission thing got fixed.
              TinymceWrapper: Complete back/frontend content solution.
              Harden your MODX site by passwording your three main folders: core, manager, connectors and renaming your assets (thank me later!)
              5 ways to sniff / hack your own sites; even with renamed/hidden folders, burst them all up, to see how secure you are not.