<![CDATA[ Revolution Security Use Cases

<![CDATA[ Revolution Security Use Cases - My Forums]]> https://forums.modx.com/thread/?thread=25318 <![CDATA[Re: Revolution Security Use Cases]]> https://forums.modx.com/thread/25318/revolution-security-use-cases?page=2#dis-post-129992 Quote from: TomMLS at May 19, 2011, 02:54 PM

Then one could do this by creating separate groups etc.??

Yes.

As to member-only pages...it looks like that tutorial is for the web side only. It should teach how to do this for manager side too??

Sure, it could be expanded. Basically all you need to do though is change the Context in the ACL entry in step 4 from ’web’ to ’mgr’, and put that on the Administrator User Group (rather than the Editors or whatever user group).]]> splittingred May 19, 2011, 10:36 AM https://forums.modx.com/thread/25318/revolution-security-use-cases?page=2#dis-post-129992 <![CDATA[Re: Revolution Security Use Cases]]> https://forums.modx.com/thread/25318/revolution-security-use-cases?page=2#dis-post-129990 Quote from: TomMLS at May 19, 2011, 02:32 PM

I want to give them a subset of documents they can edit and I figured this out with BobRay’s tutorial, which I thought could be simpler, it would be good for MODx to document this with several examples, people have a better chance of figuring it out with multiple explanations and examples.

This tutorial does a pretty good job of that: http://rtfm.modx.com/display/revolution20/Making+Member-Only+Pages

I’d like to see being able to create different user groups on the same site with different sets of documents they can work on/edit.

See above link.

What about user groups that are a subset of another user group, wherein the subsetted groups has fewer or more rights??

User Group Inheritance is not currently a feature in MODX Revolution; it is on the Roadmap, however.

The documentation should follow Carlo’s tweet:
@splittingred from a forum thread I was thinking on someth like this but for each user: starting context->user groups->resource groups #modx

Actually, the best way to do Security in MODX is to start by creating a list of Policies you want to have - basically, make a collection of Policies that have the right sets of Permissions, and then all you have to do is add ACL records for the User Groups you want.]]> splittingred May 19, 2011, 09:50 AM https://forums.modx.com/thread/25318/revolution-security-use-cases?page=2#dis-post-129990 <![CDATA[Re: Revolution Security Use Cases]]> https://forums.modx.com/thread/25318/revolution-security-use-cases?page=2#dis-post-129988 Quote from: Martijn at May 19, 2011, 02:23 PM

look at the Resources-tab at the left. You’ve got icons above the tree for creating a new Document, Weblink, Symlink and Static Resource. I want to be able to remove the ability for clients to create a new Weblink, Symlink and Static Resource. In simpler terms: how can I get rid of those extra icons?

Today is Feature Request day for Martin. wink

You cannot, at this time, restrict creation of derivative Resource types. That would be a great feature request for 2.2.]]> splittingred May 19, 2011, 09:28 AM https://forums.modx.com/thread/25318/revolution-security-use-cases?page=2#dis-post-129988 <![CDATA[Re: Revolution Security Use Cases]]> https://forums.modx.com/thread/25318/revolution-security-use-cases?page=2#dis-post-129987
look at the Resources-tab at the left. You’ve got icons above the tree for creating a new Document, Weblink, Symlink and Static Resource. I want to be able to remove the ability for clients to create a new Weblink, Symlink and Static Resource. In simpler terms: how can I get rid of those extra icons?]]> Martijn van Turnhout May 19, 2011, 09:23 AM https://forums.modx.com/thread/25318/revolution-security-use-cases?page=2#dis-post-129987 <![CDATA[Re: Revolution Security Use Cases]]> https://forums.modx.com/thread/25318/revolution-security-use-cases#dis-post-129986 Martijn van Turnhout May 19, 2011, 09:14 AM https://forums.modx.com/thread/25318/revolution-security-use-cases#dis-post-129986 <![CDATA[Re: Revolution Security Use Cases]]> https://forums.modx.com/thread/25318/revolution-security-use-cases#dis-post-129985
Again, this is a great move!]]> Martijn van Turnhout May 19, 2011, 09:13 AM https://forums.modx.com/thread/25318/revolution-security-use-cases#dis-post-129985 <![CDATA[Re: Revolution Security Use Cases]]> https://forums.modx.com/thread/25318/revolution-security-use-cases#dis-post-129984 http://rtfm.modx.com/display/revolution20/Restricting+an+Element+from+Users]]> splittingred May 19, 2011, 09:10 AM https://forums.modx.com/thread/25318/revolution-security-use-cases#dis-post-129984 <![CDATA[Re: Revolution Security Use Cases]]> https://forums.modx.com/thread/25318/revolution-security-use-cases#dis-post-129983
- Category: "My Category"
- User Group: mygroup
- Context: mgr
- Policy: Load Only

~~However, this gives them access to create documents with that Template.~~ What’s your intention with these users? You just dont want them to specify templates at all? Or do you want them even creating Resources?

Edit: Just tested, actually, they cannot create docs with that Template. So adding the Load Only policy should work fine.]]> splittingred May 19, 2011, 09:02 AM https://forums.modx.com/thread/25318/revolution-security-use-cases#dis-post-129983 <![CDATA[Re: Revolution Security Use Cases]]> https://forums.modx.com/thread/25318/revolution-security-use-cases#dis-post-129982 Martijn van Turnhout May 19, 2011, 08:59 AM https://forums.modx.com/thread/25318/revolution-security-use-cases#dis-post-129982 <![CDATA[Re: Revolution Security Use Cases]]> https://forums.modx.com/thread/25318/revolution-security-use-cases#dis-post-129981 Quote from: Martijn at May 19, 2011, 01:44 PM

I don’t want the client to create a resource with the denied template. Say "Homepage" template, for example. But, if a resource (created by an Administrator for example) using the Homepage template is already published, the client shouldn’t have any problems editing that document or its TVs.

I see. I know currently that you can edit, however, you cannot see any TVs assigned if you dont have access to the Template. Might be worth a feature request.
]]> splittingred May 19, 2011, 08:57 AM https://forums.modx.com/thread/25318/revolution-security-use-cases#dis-post-129981