-
- 123 Posts
I added a user and made some permission changes, none of which I thought were to administrator group, policy, etc. But as Administrator I've now lost view of many elements (templates, template variables, etc) and do not see the TV tab in the resources. I can restore an old database and get them back but would have to re-create a lot of content added since. So I would prefer to just correct the security problem.
For templates I had a category named "Content" which I can no longer see and of course cannot see all of my templates under "Content". "Content" does not appear under Categories. Same type issue for Template Variables.
admin user belongs to Administrator whose role is Super User and access policy is Administrator. All boxes are checked in Administrator policy.
I can give the new user's policy permissions to view the element tree and to view categories, templates, and tv's and when logged in as that user all these things appear.
Can someone provide some guiding thoughts?
What group did you give permission to access the "Content" Category? You should ALWAYS give the Administrators group access to anything you protect by adding an ACL for it first. If you protect it by assigning it to another group first, you have effectively blocked access to that object from everyone else.
Easiest solution would be to empty the modx_access_category table of all records (i.e. truncate it) and then Flush All Sessions.
-
- 123 Posts
That was it! Didn't realize I had done that, but yes I had given Content category access to the group that contains the new user I added. I've removed that Element Category Access and all is well.
Many thanks - I'm struggling hard to fully understand this security.
-
- 24,544 Posts
You could also have solved it by adding the admin to all user groups with a role of Super User.
It's a good general policy to do that since any time you "protect" a resource or element by placing it in a resource group or category and connecting the group or category to a user group, it's hidden from everyone outside the user group -- including the admin.