Why won't page-level permissions allow a user to edit?

Don Rea asked on October 11, 2021 23:06

According to the Kentico 11 doc (https://docs.xperience.io/k11/managing-users/configuring-permissions/configuring-page-permissions/page-level-permissions-acls) it is possible to give a specific user permissions to edit a page or part of the page tree. I created a user account for this purpose, giving it the Privilege level Editor. Then I went to the top page of the section I wanted it to be able to edit and added that account under Security. Then I selected that account and checked the boxes for Read, Modify, and Browse tree. But when I log in to the site as that user and browse to that area, I see no way to edit the content. It simply appears as it does to any user.

Obviously there's some big piece of this that I'm not yet understanding. Can someone help point me to what it is?

Recent Answers


Juraj Ondrus answered on October 12, 2021 10:00

Configuring permissions can be tricky as there are many combinations and permission levels. With the Editor privilege level you just said that the user can get to the Admin UI. Then, for other actions you need to configure the permissions, in this case permissions for the content module, or for particular page types. How are these permissions set in your case?

I would recommend using the security debug. In browser A, log in as admin, go to the debug section, and load the security debug. In browser B, log in as the user in question and go to the UI section you want. In browser A, clear the debug log, so you will get the log only for the action you need. Switch to browser B and perform the given action as the user. Go back to browser A and load the Security debug; here you will see which permissions are denied or allowed, so you can adjust them accordingly.

Don Rea answered on October 12, 2021 19:01

I can see how this would be helpful if I had any idea what I'm looking at, but I'm afraid I don't. For example, I can see that the operation CheckPrivilegeLevel returns True for the Editor permission. But this user still has no tools for actually editing anything on those pages, where I would expect it would. Surely there is more detailed documentation somewhere, and just stabbing in the dark and seeing what happens isn't really the only way to approach this? Or is it?

Juraj Ondrus answered on October 13, 2021 05:30

If the user is not able to edit, I would look for FALSE and denied permissions, as these take precedence. There are many combinations possible and I am unable to tell what exactly could be wrong. I would maybe recommend going through the entire documentation section on permissions to understand what the permission model looks like and how it works; there are also examples.

Don Rea answered on October 18, 2021 18:35

The only permission returning False that seems like it might be the culprit is cmsonsiteedit. I have no idea what that means or how to change it; Google has literally no results for that string.

Juraj Ondrus answered on October 19, 2021 05:54

The cmsonsiteedit permission is needed if you want to enable on-site editing. It is really hard to tell like this. I would need to see screenshots of the user roles, ACL permissions set for the page and its parents, as well as the permissions set for the content module. Would it be possible to provide me with those screenshots?
