Not sure I understand roles and access rules

Topics: Help
Jun 27, 2007 at 9:13 PM
Hello.

I'm looking for some practical advice on how to set up roles and access rules.

In the CSK 2.0, it looks like if i assign a new user to the Administrator role, they can send emails, create events, create news, create photos, edit and delete users.

I'm trying to make this website available to my family. I want allow them to create events, news and photos, but not edit and delete users. I assigned them to Editors and Bloggers (not Administrator) roles and that did not change their access.

How do i allow somebody to create events, news and photos, but not edit and delete other users?

Thanks,
Tony
Coordinator
Jun 27, 2007 at 11:39 PM
Our implamentation of roles isn't really modular. You will have to add a new role for user edits and put yourself in that role. You then must go into the web.config and configure the Admin/EditUser.aspx page to that role.
Jun 28, 2007 at 2:03 PM

z2bass wrote:
Our implamentation of roles isn't really modular. You will have to add a new role for user edits and put yourself in that role. You then must go into the web.config and configure the Admin/EditUser.aspx page to that role.


Hello Zack.

Can you give me more information about this?

I tried something that did not work. I added a new role to the system named "UserEdits". I then added that role to the Admin member. In the "Admin/EditUser.aspx page" section of the web.config, i added "<allow role="UserEdits"/>". I then added a new user, assigned that new user to the UserEdits role.

Nothing changed. That user still cannot add events, news or photos unless i assign him to the Administrators role.

Thanks,
Tony
Coordinator
Jun 28, 2007 at 4:28 PM
Yea... that's the way its supposed to be. Now you can assign everyone the Admin role and only yourself with the UserEdit role. You might need to delete "<allow role="Administrators" />" from your Admin/edituser.aspx section on the web.config.
Jun 29, 2007 at 4:15 AM
Edited Jun 29, 2007 at 4:21 AM

z2bass wrote:
Yea... that's the way its supposed to be. Now you can assign everyone the Admin role and only yourself with the UserEdit role. You might need to delete "<allow role="Administrators" />" from your Admin/edituser.aspx section on the web.config.


Hello Zack.

That did not work. The only thing that accomplished, is reversing the Admin rights. So instead of only Admin having the right to do everything, all other users have those rights and Admin only has view rights.

Here is what i did:
Assigned the UserEdits role to only Admin.
Assigned the Administrators role to all other users.
In the web.config, under the "Admin/EditUser.aspx page" section, i changed the "<allow role="Administrators"/>" to "<allow role="UserEdits"/>".

Any idea of why this is not working?

After looking at the screens in this web site, all i really want to do is only allow one user "Admin", to have the "Manage Users" button appear. I think that is the only thing that i want to change.

Thanks,
Tony
Coordinator
Jun 29, 2007 at 4:53 AM
The solution works. Try clicking the button without UserEdit permissions. It doesn't work, right? It shouldn't. That is the expected result.

The button is the problem. Change line 44 (I think) of the Default.aspx from
manusers.Visible = Page.User.IsInRole("Administrators")
to
manusers.Visible = Page.User.IsInRole("UserEdits").

You will have to go configure the button.
Jun 30, 2007 at 2:20 AM

z2bass wrote:
The solution works. Try clicking the button without UserEdit permissions. It doesn't work, right? It shouldn't. That is the expected result.

The button is the problem. Change line 44 (I think) of the Default.aspx from
manusers.Visible = Page.User.IsInRole("Administrators")
to
manusers.Visible = Page.User.IsInRole("UserEdits").

You will have to go configure the button.


Hello Zack.

I can't agree with you. The buttons still work.

However, changing this "manusers.Visible = Page.User.IsInRole("Administrators")" in Default.aspx and Member\List.aspx removed the buttons and that solves my problem. The Admin can Manage Users, add to events, photos and news. UserEdits can do the same except Manage Users.

Thanks for all of your help. Your knowledge is very much appreciated.

Thanks,
Tony