We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Administrator lost access to several Elements

    • 15953
    • 123 Posts
    kirkhuyser Reply #1, 12 years, 7 months ago
    I added a user and made some permission changes, none of which I thought were to administrator group, policy, etc. But as Administrator I've now lost view of many elements (templates, template variables, etc) and do not see the TV tab in the resources. I can restore an old database and get them back but would have to re-create a lot of content added since. So I would prefer to just correct the security problem.

    For templates I had a category named "Content" which I can no longer see and of course cannot see all of my templates under "Content". "Content" does not appear under Categories. Same type issue for Template Variables.

    admin user belongs to Administrator whose role is Super User and access policy is Administrator. All boxes are checked in Administrator policy.

    I can give the new user's policy permissions to view the element tree and to view categories, templates, and tv's and when logged in as that user all these things appear.

    Can someone provide some guiding thoughts?
    • opengeek Reply #2, 12 years, 7 months ago
      What group did you give permission to access the "Content" Category? You should ALWAYS give the Administrators group access to anything you protect by adding an ACL for it first. If you protect it by assigning it to another group first, you have effectively blocked access to that object from everyone else.

      Easiest solution would be to empty the modx_access_category table of all records (i.e. truncate it) and then Flush All Sessions.
        Jason Coward
        Chief Architect @ MODX
        http://www.jasoncoward.com | http://twitter.com/drumshaman | https://github.com/opengeek
        • 15953
        • 123 Posts
        kirkhuyser Reply #3, 12 years, 7 months ago
        That was it! Didn't realize I had done that, but yes I had given Content category access to the group that contains the new user I added. I've removed that Element Category Access and all is well.
        Many thanks - I'm struggling hard to fully understand this security.
          • 3749
          • 24,544 Posts
          BobRay Reply #4, 12 years, 7 months ago
          You could also have solved it by adding the admin to all user groups with a role of Super User.

          It's a good general policy to do that since any time you "protect" a resource or element by placing it in a resource group or category and connecting the group or category to a user group, it's hidden from everyone outside the user group -- including the admin.
            Did I help you? Buy me a beer
            Get my Book: MODX:The Official Guide
            MODX info for everyone: http://bobsguides.com/modx.html
            My MODX Extras
            Bob's Guides is now hosted at A2 MODX Hosting
            • 15953
            • 123 Posts
            kirkhuyser Reply #5, 12 years, 7 months ago
            You could also have solved it by adding the admin to all user groups with a role of Super User

            Thanks. I will do that now. I get it now with the ACL's - as soon as you add one you create restrictions. I don't visit security often, so things get forgotten.