Hello Team,
We have multiple channels in our project where one of the users is assigned to the editor group of channel 1 and the author group of channel 2.
While testing this use case, we have found that he is able to perform editor activities for both channels rather than only in channel 1. We have tried replicating the same scenario in the vanilla version of V14.6.0, and the same has been identified.
Could you please help us in solving this issue?
For creating groups, users and domains, we have followed the steps mentioned in the link below. Please let me know if any additional change has to be performed to achieve this case.
Thanks,
Yeshwanth.
Hi there,
I have just implemented a similar requirement and it works fine. You have to be careful which userroles (hipposys:userrole) you assign to each authrole (hipposys:authrole) in the domain (hipposys:domain). It is also worthwhile checking that your domain rules (hipposys:domainrule) are being applied correctly.
I recommend you remove all configuration (under domains) and add it back in one piece at a time. Once you remove everything, both test users should have no access. Also, remember that it is best to create two users that only have access to either channel. One last thing: once you have made changes to the domains security (hipposys:domainfolder), ensure you log out and log back in with the test users.
Hope this helps
Lee
@leeablett
Project/Channel Name: Myproject and MonProject
Attaching groups snapshots for reference. Can you please have a look at it once and let me know what went wrong in my case.
MON Project Domain
definitions:
  config:
    /hippo:configuration/hippo:domains/content-mon:
      jcr:primaryType: hipposys:domain
      /content-domain:
        jcr:primaryType: hipposys:domainrule
        /content-and-descendants:
          jcr:primaryType: hipposys:facetrule
          hipposys:equals: true
          hipposys:facet: jcr:path
          hipposys:type: Reference
          hipposys:value: /content/documents/monproject
      /author:
        jcr:primaryType: hipposys:authrole
        hipposys:groups:
          .meta:category: system
          .meta:add-new-system-values: true
          type: string
          value: [monproject-author]
        hipposys:role: author
        hipposys:users:
          .meta:category: system
          .meta:add-new-system-values: true
          type: string
          value: []
      /editor:
        jcr:primaryType: hipposys:authrole
        hipposys:groups:
          .meta:category: system
          .meta:add-new-system-values: true
          type: string
          value: [monproject-editor]
        hipposys:role: editor
        hipposys:users:
          .meta:category: system
          .meta:add-new-system-values: true
          type: string
          value: []
MY Project Domain
definitions:
  config:
    /hippo:configuration/hippo:domains/content-my:
      jcr:primaryType: hipposys:domain
      /content-domain:
        jcr:primaryType: hipposys:domainrule
        /content-and-descendants:
          jcr:primaryType: hipposys:facetrule
          hipposys:equals: true
          hipposys:facet: jcr:path
          hipposys:type: Reference
          hipposys:value: /content/documents/myproject
      /author:
        jcr:primaryType: hipposys:authrole
        hipposys:groups:
          .meta:category: system
          .meta:add-new-system-values: true
          type: string
          value: [myproject-author]
        hipposys:role: author
        hipposys:users:
          .meta:category: system
          .meta:add-new-system-values: true
          type: string
          value: []
      /editor:
        jcr:primaryType: hipposys:authrole
        hipposys:groups:
          .meta:category: system
          .meta:add-new-system-values: true
          type: string
          value: [myproject-editor]
        hipposys:role: editor
        hipposys:users:
          .meta:category: system
          .meta:add-new-system-values: true
          type: string
          value: []
Please note, I have created a user “mon-editor” and I have assigned the monproject-editor and myproject-author groups to the user. Attaching snapshot for reference.
Please let me know if you need any further information.
@leeablett
I have replicated the same scenario by adding the “english-authors” group to the french-editor user in the Go Green project.
Please find the link below: https://cms.demo.onehippo.com/
Hi Yeshwanth,
I’m replying here in the same manner I’ve replied to the (your?) support ticket:
This finding is caused by the xm.channel.webmaster userrole that is present on myproject-editors group. It gives editing rights (channel-webmaster permission) to all HST configurations, so making no distinction between HST configs of the French and English channels.
To get this straight, you’d have to split the xm.channel.webmaster role into webmaster roles per channel.
Haven’t tried it, but it looks like you need siblings of /hst:hst/hst:domains/hstconfig, granting editing rights to specific channel and channel-preview configurations.
HTH
Jeroen
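The behaviour discussed in this thread, as an added example that is not part of any post and is not Bloomreach code: a simplified Python model of path-scoped domains showing that the two content domains above are scoped correctly, while a single HST domain covering all configurations grants webmaster rights on both channels. The HST configuration path, the per-channel node names and the `webmaster-<channel>` userrole names are assumptions made for illustration.

```python
# Simplified model of domain-based authorization (not the product's own resolver).
from dataclasses import dataclass, field

@dataclass
class AuthRole:
    role: str                                     # role granted inside the domain
    groups: set = field(default_factory=set)      # matched on group membership
    userroles: set = field(default_factory=set)   # matched on userrole

@dataclass
class Domain:
    name: str
    path: str          # jcr:path facet rule: this node and its descendants
    authroles: list

def in_scope(domain, node):
    return node == domain.path or node.startswith(domain.path + "/")

def effective_roles(domains, groups, userroles, node):
    """Return {(role, domain name)} for every grant that applies to node."""
    return {(a.role, d.name)
            for d in domains if in_scope(d, node)
            for a in d.authroles
            if a.groups & groups or a.userroles & userroles}

def content_domain(name, channel):
    # Mirrors the content-mon / content-my definitions posted in the thread.
    return Domain(name, f"/content/documents/{channel}", [
        AuthRole("author", groups={f"{channel}-author"}),
        AuthRole("editor", groups={f"{channel}-editor"})])

CONTENT = [content_domain("content-mon", "monproject"),
           content_domain("content-my", "myproject")]
CHANNELS = ("monproject", "myproject")
HST_ROOT = "/hst:hst/hst:configurations"   # assumed location of the HST configs

# One domain over every HST configuration, as described in the last reply.
HST_GLOBAL = [Domain("hstconfig", HST_ROOT, [
    AuthRole("channel-webmaster", userroles={"xm.channel.webmaster"})])]
# Suggested split: a sibling domain and userrole per channel (hypothetical names).
HST_SPLIT = [Domain(f"hstconfig-{c}", f"{HST_ROOT}/{c}", [
    AuthRole("channel-webmaster", userroles={f"webmaster-{c}"})])
    for c in CHANNELS]

GROUPS = {"monproject-editor", "myproject-author"}   # the "mon-editor" test user

def webmaster_channels(hst_domains, userroles):
    """Channels whose HST configuration the test user may edit."""
    return [c for c in CHANNELS
            if effective_roles(hst_domains, GROUPS, userroles, f"{HST_ROOT}/{c}")]
```
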