Allow/Not allow users download attachments in specific pages

Hanh Dang asked on September 25, 2015 10:30

Hi all,

I have a portal website with multiple pages and each page belongs to a partner. The users from each partner can only access to their portal page and download attachments in that page. Everything works fine except the users from partner B can download/view the attachments of partner A page without visiting partner A page by attachment URL

Ex:

Root
  Partner A
    Attachment A
  Partner B
    Attachment B

Partner B Users can download the Attachment A with the URL root/partner-a/attachment-a.

Do you have any ideas to solve it?

Update 1:

User accounts are created from portal page, not in CMS.
There are many partners, and a partner may have many attachments.

Thank you!

Hanh Dang

kentic 8.2 permissions

Correct Answer

Maarten van den Hooven answered on September 25, 2015 19:39

Hi Hanh, I answered to add deny permissions, but it is easier to add only read permission. One user/role a page and give this user/role only read permission and then it is not so much work.

0 votesVote for this answer Unmark Correct answer

Recent Answers

Maarten van den Hooven answered on September 25, 2015 10:45

Did you set permissions on the page with the attachment so that partner A has deny on Partner B page and the other way around.

Here is the documentation about permission on pages/documents ": Document-level permissions (ACLs)

If this answer helped you, please vote for my answer :-)

0 votesVote for this answer Mark as a Correct answer

Hanh Dang answered on September 25, 2015 12:13

Hi Maarten,

You're right but I don't think it is a good way in my case. The portal may have many partners, users and documents. So, it will take a long time to add role/user to the permission of each page/document, do you think?

0 votesVote for this answer Mark as a Correct answer