I have a portal website with multiple pages and each page belongs to a partner. The users from each partner can only access to their portal page and download attachments in that page. Everything works fine except the users from partner B can download/view the attachments of partner A page without visiting partner A page by attachment URL
Partner B Users can download the Attachment A with the URL root/partner-a/attachment-a.
Do you have any ideas to solve it?
Hi Hanh, I answered to add deny permissions, but it is easier to add only read permission. One user/role a page and give this user/role only read permission and then it is not so much work.
Did you set permissions on the page with the attachment so that partner A has deny on Partner B page and the other way around.
Here is the documentation about permission on pages/documents ": Document-level permissions (ACLs)
If this answer helped you, please vote for my answer :-)
You're right but I don't think it is a good way in my case. The portal may have many partners, users and documents. So, it will take a long time to add role/user to the permission of each page/document, do you think?
Please, sign in to be able to submit a new answer.