ADXSTUDIO Web Permissions

<< Remote Desktop + Firewalls | Home | .NET version error when installing EPiServer >>

I've found a little glitch (by design?) in ADXSTUDIO 2006. The scenario is this... I want to give an 'Approvers' group access to approve across the whole site except for a 'Sensitive' folder, that can only be approved my managers.

According to ADXSTUDIO, the way to do this is to explicitly GIVE permissions to the Approvers group everywhere except where I don't want them to have permissions. Yeah right. It's a big site :)

You might think 'no probs, I'll just DENY them access to that one folder'. Nice, in theory... but in practive it spams out a nasty error when you try to do that. I guess it can't handle deny-access being added to an object with grant-access set on it as well (albeit inherited).

Solution? Resort to ADSIEdit. Locate the Sensitive folder within the AD object hierarchy (no, not easy) and take off the inheritance of permissions. I suggest copying the existing permissions otherwise you'll have fun adding them all in. Then just strip everything but read permissions away from the Approvers group.

Now, when someone in the Approvers group tries to edit pages in the Sensitive folder, they get an Access Denied error. In the rest of the site, they are able to edit pages.

Bookmark with :

posted @ Tuesday, July 03, 2007 11:23 AM | in .NET/C# ADXSTUDIO

Comments

# re: ADXSTUDIO Web Permissions

Posted by Shan McArthur

on 8/3/2007 5:42 PM

You can accomplish the same task using the Web Permissions editor included in the ADXSTUDIO CMS product. You don't have to use ADSI Edit. The design you speak of is Active Directory-based and is not an ADXSTUDIO design. It is inherent in all Microsoft ACL implementations. Deny permissions should be avoided because a deny ACL will trump a grant and unless you are extra careful, it is easy to deny yourself access to an object and make it difficult to restore your permissions. All scenarios that could use deny permissions can be implemented with grant permissions and careful planning. ADXSTUDIO shouldn't throw a nasty error though if you use deny permissions - a small bug.

Post Comment

Title *
Name *
Email
Url
Comment *

Remember Me?

Please add 8 and 2 and type the answer here:

Enter the code shown above:

Dan is the

Head of Production

I am currently working as Head of Production at the UK office of Interakting, the pan-european web agency and part of the Business & Decision group.

My main interest is in Content Management systems, and finding innovative ways to give customers the solution that best fits their business processes. Over 15 years of programming experience has shown me that you don't solve problems by simply throwing the best new technology at it!

Outside of work, I am mostly trying to make time be a Dad to my son and a husband to a very busy mum. Apart from that, I love playing soccer and watching sport - especially anything involving England and South Africa.

Microsoft Certified Technology Specialist

Microsoft Certified Technology Specialist

View blog authority

View blog top tags

Site Sections

Article Categories