[opencms-dev] Question Permission assignment

Thomas Schmidt t.schmidt at md-network.de
Mon Aug 22 15:49:59 CEST 2016

i have a relative simple OpenCMS (10.0.1) setup with a singe Website and just a few users (some Admins=all permissions, some users = just editing (a few) pages), which are grouped in „Users“ and „Administrators“. I have only the root ("/„) OU.   

Now I have a few special pages (which are in folders) which I want to protect against changes by the „Users“ (but „Users“  should be able to read). 
Therefore I used the explorer and and changed permissions of a folder which should have this kind of protection. 
I removed for „All others“ all rights (should not be visible for all others) means i set it to „-r-w-v-c-d“, to the „Users“ group I gave  "+r-w+v-c-d“, means read and view is enabled all other (especially write) is denied and for „Administrators“ i gave all rights. For all settings i set „Overwrite Inherited“ and „Inherit on subfolders“ so all pages in the folder should be protected. 

BUT: a normal user is still able to edit the page (I have still the Edit Points, i can still save the page) - even if i apparently prevented the „Users“ groups to be able to write. However i denied direct publishing which works.

I tried that as well for single user (prevented write and publishing) - here as well - it is still possible to save - but not to publish - even if write is forbidden.
I tried this as well with 9.5.2 - and same behavior. 

Only rights which are apparently working are „direct publishing“ and „read“ - if i prevent those the user/group cant open the page or cant publish it. Write always works as long read is enabled.

So if i want to protect some files/pages/folders from being written by a special user or group - how to do that ? is this behavior expected ? do i do something wrong (most likely ?!) ?

Many thanks
Kind Regards
Thomas Schmidt

More information about the opencms-dev mailing list