Hello,

I'm currently running on 2.3.7.5 MSSQL multi site, related sites mode and have a question about permissions for site editors in children sites.  I've never really gotten the permissions exactly as I'd like them to be and am wondering if I'm mis-understanding how they are configured.

It looks to me like all of my permissions for my various roles should be set in SiteID1 and then for each child site set the Site Editor Role to the Editor for that site.  In some cases I have a Role that is a Site Editor for several sites (not all) but for the most part I have one Role per site.

I don't want roles being able to edit or otherwise alter content on sites that they are not the Site Editor for, however, if I have "Roles that can delete files using the file browser in the editor" selected for SiteID1 then an editor whose role is NOT a Site Editor for another site can still log in and view the file manager.  They cannot delete or edit existing files but they can add new directories and files - behavior I do not want to allow.

At this point I thought I must be incorrect  and I should apply such role settings at the Child Site Settings level (not from the parent site) but when I tried saving the role permissions they don't 'take' after I click 'Save' which made me think that I must specify these settings in the parent site (SiteID1) Site Settings page, which leads me to the above-mentioned problem of some permissions carrying over to other sites.

Am I missing something here???

Thanks!

~ B

Joe,

I have observed that if I want the File Manager tab in the grey admin bar at the bottom of my child site, I have to grant the Site Editor access to "Roles that can delete files using the file browser in the editor" in the Parent Site (SiteID1).  If I remove that access from the parent site I lose the File Manager tab in the Child Site. If I set it in the child site and click "Save" and then check to make sure the role is still selected in Site Settings -> Security, it is not.  If I go into the DB and look at the permissions in the 'dbo.mp_SiteSettingsExDef' table the added permission is displayed ... until the next time that I make a change to something else in site settings and resave ... because the check box isn't still selected the permission gets removed.  This is the problem I was having by setting permissions in the child sites ... the only permission I could keep checked was the site editor role.  I've had this problem with v 2.3.5.3 MSSQL and now in the new version as well.

I'm using custom roles - here are the permissions I have set:

Site Editor Role Example (Settings set in Parent Site (SiteID1)

• Roles that can browse and upload files.     
• Roles that can delete files using the file browser in the editor.
• Roles that can manage skins.
• Roles that can assign skins to pages
• Roles that can create root level pages
• Default root level page view roles
• Default root level page edit roles
• Default root level page create child page roles  

Additionally, I am trying to utilize the "Global" content in the feature settings for the html content module.  As the Editor detailed above, I can set the feature instance as "Global" and then check my Role as "Roles that can edit content" for the Global feature page.  I navigate to a different page -> Edit This Page -> Add Existing Content and am given a permission denied message. Do you have any advice for that?
                            

Yes, I'd be interested in getting the new dll from you, although I'm not sure if it will make a difference because I've noticed the same type of behavior in my old mojo install.

Thanks,

Beth

Joe,

Thanks for the dll.  I've got it in my bin directory but it has not made a difference. I touched the web.config and restarted the application in IIS for good measure.  If I uncheck the delete files in the file manager permission for SiteID1 and then check it in the Site Settings for my child site, it works until the next time I click the Save button in the Child Site -> Site Settings because the checked box for that permission doesn't stick. Then the File Manager tab is there in the site but when I click it I get permission denied.

I am also still getting Permission Denied for the Global Content as mentioned in the previous emails.  Am I still doing something wrong or are you not able to replicate the issues I'm having?

Thanks for all of your help,

Beth