What are best practices for handling security / permissions to pages

Mark Fasel asked on December 7, 2015 19:43

I'll give you a basic idea of what we are trying to do.

We have key pages within our document tree that we have restricted access to and that require authentication. That all works great; however, we have users that are organizational users and are part of a role we define when they sign up. We don't want to give access to this content to all users that authenticate and as such set up permissions against that general role.

The issue we are running into is that if we then add another role or say a specific user to grant access to a page that already has restrictions set up based on another role, it doesn't work and it still blocks access.

So our question is, how should we be handling content that we want to require authentication but not allow access by everyone...

Let me know if you need additional clarification. Thanks!

Recent Answers


Brenden Kehren answered on December 7, 2015 19:52

What I'd do is create a role for those users who are allowed to be authenticated and have access to any part of the content tree. Then start working your way down from there. Think of them as containers holding people. If you have access to someone in a networking role with experience with Active Directory, you might talk with them as they could probably paint a better picture.


Mark Fasel answered on December 7, 2015 19:57

I see what you are saying...that makes sense. The issue we have is that we provision new users using SSO through our organization and they get added to a role that is generic for authenticating users to the system. However inside a folder that contains pages we want to restrict access from our SSO users to more specific users that are allowed...

So this folder should require authentication and not allow anyone that doesn't have permission to access...this includes authenticated SSO users. Now say we create a new role for this, which is fine...however each page inside this group we would want to restrict access to unless you are in role for the page or a specified user (not sure if that part makes sense)...at the same time we want to allow say admins the ability to still access anything...

Does that at all clarify what I am looking to do?

Thanks
