Hello, all - I'm hoping that you can help me figure out how to do something - -and I'm hoping I won't hear that we've munged up our security paradigm.
On this site, only authenticated users are allowed to view any pages - all users, when they first authenticate, are added to a role (let's call it "EMPLOYEES"), and the root of the site is set so that the pages require authentication, and EMPLOYEES can view everything.
We want to build another role and call it "MANAGERS", and configure the system so that there's a section where only users with "MANAGERS" role can see them.
The challenge we're having is that our MANAGERS all are, by necessity, EMPLOYEES, and if I set the section's security so that MANAGERS have read access and EMPLOYEES do not, no one can see it because everyone is an EMPLOYEE. But if I remove EMPLOYEES from the access list, EMPLOYEES can still see it.
Would anyone be able to explain to me - or maybe point me towards the resources I ought to use to educate myself - so that I can create a section of the site only available to users in a particular group without having to explicitly create a role for not-users of the pages?
Thanks so much for your consideration!