I am working on an intranet-based site where all pages on the site should be protected by login.

Only "authenticated users" should be able to see the pages by default.

Normally, when I click the icon to add a new page, the default setting under the "Security" tab is that the page grants permission to "All Users" to see the page. This checkbox should be un-checked and instead, the "Authenticated Users" should be checked. I now do this manually for every created page. It is not so convenient and it may be easy to miss out a page.

Is there some way to set this security property hierarchically or site-wide, so that all pages require the user to be authenticated, regardless of how it is created? Or, is there some way to make the page inherit all the settings on the "Security" tab from its parent, recursively? This would be much easier to manage, in case some branch or sub-branch needs specific protection and there are many pages below.

Advice appreciated!

Hi Joe,

Thanks for that, but what I am really looking for is a checkbox saying "Inherit from parent". The "template"-style approach will not help management of existing pages effectively.

For example: Roles that can view this page > Inherit from parent page - check! (all other options are grayed out but shows the parent's setting)
Same thing for Roles that can edit this page, Roles that can create pages: all should allow "Inherit from parent".

I am a bit worried about the huge clicking effort for making security changes to a large site installation without such inheritance! Without this, it will create some kind of dis-incentive to use fewer pages if there is a slight hint of future security changes needed.

The suggestion of how to set checkboxes should only be used for new pages _without parent_. If the user is creating a child page, the parent's settings should be inherited by default. It makes sense for file systems and most hierarchies (if you can't get through the entrance, don't bother the rooms). This may also be useful for other settings (caching, show breadcrumbs, etc) but my top concern is really security.

So, on page access, if a page inherits its parents settings, the system would check backward until it finds a page that does not inherit (ultimately, this will at least be true for the root, if no other page).

Hi,

I need to protect my site from anauthenticated users temporarely (while the site is in development stage) so i need to restric acccess to all pages, but not by setting default pages access  and i tryed authorisation tag mentioned above but it works not too good - namely it also blosck access to css handlers to unathenticated users. So users see login page but it looks ugly - any other ideas?

So far i put dummy index.html page to hide the site from accidential visitors. But it would be good to have some better method.

Thank you.

Regards,

Victor

Loking forward, thank you.

Regards,

Victor