Bug #31873
closed
Problematic by default: No permission for editors/everybody
0%
Description
You have to have a group that's manually given access under the "Access"-module for the tree to give an editor the ability to show,edit,delete pages etc. An editor has to be part of that group, or the effect is he isn't able to see the tree, though he has a treemount for himself.
If an editor creates a page by default the page gets the group the editor is a member of. Other editors can't see that particular page. It would be better if by default a page would get the group-ownership "All users" (in this case), so that other editors can see, edit, delete etc. this page.
Or alternatively "Everybody" should be allowed to edit every page, so that the other problems above don't exist by default.
Updated by Lars Zimmermann over 12 years ago
- Subject changed from By default: No permission for different editors without a group to Problematic by default: No permission for editors/everybody
Updated by Ben van 't Ende over 12 years ago
It seems strange to just give everyone those right allthough it does seems to be done like that in practise. I remember whem implementing that we would recursively change the permissions every time and that it always took some time to realise that this person did not have the correct right because another one created. You can however set typoscript on a particular part of the tree to enforce the permissions upon creation of a page.
Another alternative we used to address these issues is be_acl from Sebastian Kurfuerst. That extension gives a lot more control over permissions. Maybe some extra effort should be done to make that one a core feature.
Updated by Lars Zimmermann over 12 years ago
@Ben: Sounds good with be_acl. I don't know that extension but it seems to improve things...
Updated by Steffen Gebert over 12 years ago
You have to have a group that's manually given access under the "Access"-module for the tree to give an editor the ability to show,edit,delete pages etc. An editor has to be part of that group, or the effect is he isn't able to see the tree, though he has a treemount for himself.
If an editor creates a page by default the page gets the group the editor is a member of. Other editors can't see that particular page. It would be better if by default a page would get the group-ownership "All users" (in this case), so that other editors can see, edit, delete etc. this page.
Or alternatively "Everybody" should be allowed to edit every page, so that the other problems above don't exist by default.
Updated by Jens Hoffmann over 12 years ago
If I got your point right, Lars, I don't think ACL will solve it any way.
The major point of the ACL (Access Control Lists) is to have multiple
Rules on one major Access node (eg. Page with multiple user groups.)
@Steffen: Sounds like a simple plan. #like
For now, the Introduction Package serves this "somehow". :)
As sad in the other Tickets .. let's discuss that topic in general and
than publish our Suggestion or Solution UI/UX wise here.
Greez Jens
Updated by Benni Mack over 7 years ago
- Project changed from 78 to TYPO3 Core
- Category set to Backend User Interface
- TYPO3 Version set to 8
- Is Regression set to No
Updated by Mona Muzaffar over 6 years ago
- Related to Feature #31872: Group hierarchy added
Updated by Benni Mack about 4 years ago
- Status changed from New to Closed
We won't change that as this is "security by default". However, we'll ship out-of-the-box configrable ACLs with ABAC.