I am making a project and it has three types of users. My problem is I want the first 2 category of users to be able to access the information and for the third kind of user i want to display the access denied page. I know I have to combine the conditions and events in Rules under configuration page of Drupal but I am not able to get the result I want.Please help me.
If what you want to deny access is a content type, then check this module: http://drupal.org/project/content_access
Basically, it adds custom access rules for every content type in your Drupal installation. You can select the role and the the access type from the content type administration page in admin/structure/type. Also, it can show different access options depending on the node.
if you want to deny access to individual node this module node access that "override the permissions for a given content type by setting permissions on an individual node".
Related
In my site the guest users have access to the flow and they able to run the flow and even create records. When the flow try to find the created record the next error accrue:
Because Get_Record is passed to an action, subflow, or Lightning component, store the values of all Request_for_ChemTox__c fields that the running user has access to.
I gave access to every field for that user and still keep getting this error.
Any ideas?
It's probably not field level security (~table columns) but whole record's security (~table rows).
Check your site/community/experience settings as described in this article: https://help.salesforce.com/s/articleView?id=000352970&type=1. If there's something set - the ownership of created record is immediately transferred over to that internal user and guest loses visibility. It sucks but it's there to protect you, makes sure that if you have for example Leads or Cases submitted by guest users - they immediately "disappear", guest/hacker can't report on them, experiment with IDs in the url to learn other people's data...
You can Check Setup -> Sharing Settings for this object and create new sharing rule. (I can't upload image right now but start making new sharing rule with step 2 "rule type = Guest user access, based on criteria")
https://help.salesforce.com/s/articleView?id=sf.networks_guest_record_default_owner_best_practices.htm&type=5 has some good tips too:
If you’d like to create a different experience for guest users, use
flows in System Mode to redirect guest users to a different custom
screen after they create a record
I have created an integration profile CORE_AKTANA_DI through which data for objects will be loaded into my Salesforce instance through a third-party user. I have provided "View All" permission for all objects to that profile. However, since this is a global Salesforce org, hence, there is data for other countries as well in this instance.
I want the user with the profile to see only data of France i.e with country "FR". In this case, my only choice is to:
Remove the "View All" permission of the profile from all objects.
Give the user a role such as "FR-Corp".
Create sharing rules for all objects with "Private" OWD and share with this role.
The problem is that since this is an integration profile, I cannot assign a role to the user with this profile. Also, it is not plausible to create sharing rules since there are a lot of objects with private OWD.
Same problem occurs by assigning the user to a public group, i.e a lot of sharing rules need to be created.
In this case, please suggest me the easiest possible options.
Actually, how to solve your issue is dependent on business process you are trying to implement. There are few ways:
sharing by hierarchy: setting proper roles and checking 'grant access using hierarchy'
sharing rules: setting proper sharing rules, owner/criteria based
manual sharing: using button
sharing using apex: using share object of any corresponding object
I think, this document will be useful for you.
I don't think what you say is correct:
"The problem is that since this is an integration profile, I cannot assign
a role to the user with this profile."
In my org we have a few integration connections. Each connection is anchored by a SF user license which has both Role and Profile. You should likely give the integration it's own user license and name the user something like "Integration (Fr)" Set the Roll up with appropriate hierarchy position, permissions and sharing rules and once you've done all the token resets needed set as API login only & password never expires. That should do it unless I'm missing something.
I have a requirement for hierarchical user management system
where I have 3 hierarchies:
User
Manager
Admin
Now, Admin should be able to get a list as well as edit registrations with role 'User' as well as those with role 'Manager'.
'Manger' should be able to get a list of of registrations with role 'Users' and should be able to edit them.
I had thought of proceeding like:
router.get('/:role',auth.isAuthenticated(),auth.hasRole('admin'), users.findByRole);
where hasRole defines the minimum level of role required to access/edit the data.
However, I do not want a Manager to be able to get the List of admins or edit the list of admins.
It should have access to users list only.
This links suggests using bitwise operatorsbut I am pretty confused with the idea of integrating this piece of code with backend i.e saving and retrieving data from mongo db . Can I please get some pointers?
Look at this project: https://github.com/arthurkao/angular-drywall
This is good MEAN-stack based web app template with user management.
I want users to participate in creating some content. I allowed them (people/permissions) to create own content on particular content type. The question is: how to provide them access to fields of content type, that are available to me as administrator? In other words, I can put content in fields through my admin panel, but how to make users possible to meet that fields, how to make fields public?
Thanks in advance!
Using the fields permissions module. This will allow you to set field level permissions in Drupal 6 and 7
https://drupal.org/project/field_permissions
I am using Acl in new web app.
in my app there are four groups of users.
I have given $this->Auth->authorize = 'actions' so that it will check the permission for actions automatically.
my problem is some of the actions such as change Password,edit profile,etc...
are common to all users.
But now i need to create each record for the permission of each users in acos_aros table.
this is too annoying
1) Is there any way to give permission to all types of users with a single allow statement?
2) Is there any way to allow and deny user by checking whether parameter is passed or not?
that means i need to give permission to pass parameter to an action for a specific user. If any other user pass the parameter and try to access the data i need to deny them.
whether row level access control can be done with ACL?
Any help will be appreciated.
Thankz in advance :)
If you put a $this->Auth->allow('action1','action2'...) into your beforeFilter() of the controller, access is granted to all users. If you need an ACL-only solution, you have to create a parent aco to which all other acos you want to allow are children. Then grant your users the rights on the parent.
The ACL plugin from the bakery could come in handy, if you already have your ACL tree structure.
For building the ACL tree structure the build_acl() script in the tutorial at the end of the cake-manual is useful.
Allowing to pass the parameter for all users and checking their role in the action is not an option?
the solution for the 2nd problem is here
but this is not implemented using ACL :(