Item Level Security and url not working
Hi,
I have a SharePoint 2010 web application for internal users with windows authentication that contains a infopath forms library with content approval enabled. This web application is extended as extranet for external sites and it's using forms authentication
and all the users are in a group that has read permissions. What we are doing is to create infopath files in the internal site and give permissions to certain groups so external users can access these infopath files from the external site.
Everything works fine we create a infopath form and its status is draft so users in the external site cannot see the files at that moment until the file is approved. If we remove the permissions from a group the user has not access to the item (file) in
the external site which is ok, the user can't see the file BUT if the user tries to access the file through the URL directly the user has access.
In conclusion the user has access to the item when its group is assigned to the permissions in the item and the user can see the file in the library.
If the group is removed from the item the user can't see the file in the library but the user can still access the file using the URL pointing to the infopath xml file directly.
It is worth to mention that we tested the same in a none content approval form library and users have not access using the URL.
I hope i explained myself correctly, any help would be much appreciated.
Does the library have versions enabled? Also are these logins occuring within word/excel etc?
If there's multiple login prompts which occur even if entering valid credentials what does hitting escape (after the first prompt) achieve, does the document open anyway?
There's a situation where Office will prompt for credentials if you open a document when you've only got read access but there's a version history (to which you don't have access). This is to allow you to enter more highly privelidged credentials if you
want to.
Similar Messages
-
Item Level Security and opening documents Login Prompts
Hi all,
Someone has created a document within a specific document library. On this Document Library we've set the Item Security per Item. We assigned Read Permissions to a couple of users to this document.
When users try to open the document it comes with a couple of Login Prompts each time the user opens the documents. When other document libraries with normal permissions it doesn't show the Login Prompts.
Why does these Login Prompts come up?
ThanksDoes the library have versions enabled? Also are these logins occuring within word/excel etc?
If there's multiple login prompts which occur even if entering valid credentials what does hitting escape (after the first prompt) achieve, does the document open anyway?
There's a situation where Office will prompt for credentials if you open a document when you've only got read access but there's a version history (to which you don't have access). This is to allow you to enter more highly privelidged credentials if you
want to. -
Item Level Security - Performance impacts
We are planning to use Item Level Security but have read in the help that this means folder caching is not used. This will mean a performance degradtion.
Has anyone used Item Level Security and ran into performance problems ?
If so any guidelines on what is an acceptable limit in turns of size of content areas, number of items etc.
Thanks
Simon.I'd appeciate a reply as well. For now I've been using content as a PL/SQL stored procedure in a package and then wrapping is_logged_in code around it. It works but isn't cusomizable.
-
Item Level Security not working with Tabs
I've Portal 9.0.2.2.22
This issue is with Item Level Security with Tabs. Here is what I've have:
Page Group: MyPagegroup (Privs: portal => Manage All)
Page: MyTestPage (Privs: portal => Manage All,
testUser => View)
There is a tab called MyTab on page MyTestPage which has two items (simple images) image1 and image2. The tab's access privs have been set NOT to inherit from the page. The public check box has not been checked for the tab. I've specifically assigned access privs to the tab.
Now here are the two scenarios that I'm having problem with:
1) MyTab (portal => Manage All, testUser => view)
image1 (ILS enabled: portal => Manage All)
image2 (ILS enabled: portal => Manage All,
testUser => View)
When logged in as "testUser", I still see both the images on MyTab although image2 doesn't have view priv to testUser. My expected result is to see just image2 on the tab.
2) MyTab (portal => Manage All)
image1 (ILS enabled: portal => Manage All,
testUser => View)
image2 (ILS enabled: portal => Manage All)
When logged in as "testUser", I still see NO images on MyTab although image1 has view privs to testUser. I would expect to see image1 on the tab.
Question: In both the above cases, the tab privs seem to be dictating what the user sees regardless of what the item level privs are set to. Is this normal behavior or a bug? If a bug, is there a patch? Is there any way so that even after setting the tab privs, I still have finer control of what the user can access through item level privs?
If I don't put the items under a tab, then things work as expected.
thanks
Lalit Agarwal
Vienna, VA
703-521-5200 x3610This is a known problem with the 9.0.2 release - fixed in 9.0.2.6.
Regards,
Jerry
PortalPM -
Item level security not working when placed in a portlet page
I have three page links linking to separate pages and have two of them with item level security turned on for specific groups with view privilges. I have the access for those groups with view privilges in the page level as well. I have published that as portlet and placed the portlet in another page which has view priviliges for the groups specified in item level as well.
But I notice that when i place the portlet in a page, the item level security is not working.
Item Level Security Not Working for Items Placed on a page and published as portlet and placed in another page. Is there some work around for this.
Thanks
ValliWould you please clarify for me? Is the problem that unauthorized people can see the portlet, or that unauthorized people can see the links?
-
Access Tab not showing for item level security
I have enabled item level security for the portal page I am working on, but the access tab for the items is not showing.
I have come accross exactly the same problem on this forum and the advice was:
Hi try the following :
go to page properties
set the item level security
clear the cache
clear your browser cache
it should work "
I have tried all that, closed and opened a browser but the access tab is still not showing. This is a 10.1.4 portal on LINUX. Starnge enough I have a testing environment installed on my Windows XP (AS 10.2.0.2 not upgarded to 10.1.4) and I don't have any issues with item security access tab at all.
I would appreciate any clues.
Regards,
AnnaThere should be two icons shown for each item when you put the page in Edit mode - Edit and Actions. Click on the Actions icon and "Access" should be one of the links in the list of actions (like hide, expire, delete, move, etc.)
-
WWSBR_ALL_ITEMS and item level security - BUG?
Hi,
View WWSBR_ALL_ITEMS does not seems to work correctly when using item level security on a folder.
If I add an item to a folder with item level security enabled and do NOT define any special access settings for this item, ie the item setting is "Inherit Parent Folder Access Privileges", then the view does not return the item.
Has anyone else run into this? Is it a bug?
Any help appreciated.
Portal 3.0.9.8.0
Oracle8i Enterprise Edition 8.1.7.0 - 64 bit
IBM AIX 4.3.3I've been informed that patch 3.0.9.8.2 will solve the problem. Sorry about the double post.
-
Categories and Item Level Security
Hi,
We have implemented item level security on our pages. We also use Categories so that a user can retrieve all content that falls into a particular category easily e.g. address books or Policies and Procedures.
The desire is that if a user clicks on a category and an item the user normally would not see because of item level security on the page where the content is located, then the user should not see that item among all the other items returned by the category search.
What is happening is either that a link to the item is returned among all the other items in the category or we get an access error for the entire category.
We have tried playing with the settings on the template used for the category and with the access on the category result page but have not found the magic bullet yet.
One other interesting behavior in the situation where the restricted item is visible in the returned category search is that clicking on the Page link (instead of showing the page group the item is on, we show the link of the page the item is on)it takes us to the page and the display link for the secured item is now visible followed by what looks like a "smudge" type of character. The item's link can then be clicked and the item's content is now available to the user.
Thanks in advance for any help,
PeterTabs don't work with Item Level Security in 9.0.2. Fixed in the upcoming 9.0.2.6 release.
Regards,
Jerry -
Item level security, workflow and tab problems
was wondering if someone could help us out with some problems we are having. We need to up and running over the next two days so anyone who could get back to us pretty quickly would be greatly appreciated.
We are actually having a couple of issues which all revolve around three
groups we have created (for simplicity we have only attached one user to each group). Here are the steps we took:
Problems adding content:
a) Added the three groups to the page group and gave them view access.
b) Turned on approvals and set group3 as the approver.
c) Added the three groups to the page and gave them view access.
d) In the page properties, I enabled item level security.
e) Added an item content area to the page.
f) Added three pieces of simple content
g) For content item1 I granted granted full access to group1(Own, manage, view), for content item 2 I granted full access to group2, etc.
h) WHen I log on as a user in group1 I only see content item1. HOwever, when I edit the page I find I cannot add any items as user1.
i) I went back to the page properties and changed the access of all three groups to "manage items with approval" but let the item level security as it was.
j) When I logged on as user1 I found I could see all items now when I should only have seen content item1. What the hell? Can anyone tell me what I did wrong?
Problems with item level security on tabs:
a) Repeat steps a) through d) above.
b) Create a content region and add three tabs: Home, Work, Life.
c) On the Work tab changed portlet region to item region.
d) Added three items with security exactly as I did above.
e) When I signed on as user1 I saw all three items when I only should have seen item1. What the hell?
f) I monkeyed around with the secutiry at the tab level but it didn't seem to make much difference. ANyone have any ideas what is going on here?
Thanks in advance.Does the library have versions enabled? Also are these logins occuring within word/excel etc?
If there's multiple login prompts which occur even if entering valid credentials what does hitting escape (after the first prompt) achieve, does the document open anyway?
There's a situation where Office will prompt for credentials if you open a document when you've only got read access but there's a version history (to which you don't have access). This is to allow you to enter more highly privelidged credentials if you
want to. -
Item level security not available to accounts with manage content?
Though I'd post this here before trying metalink.
Environment: App Server Portal 9.0.4 (10g) on Win200
The scenario:
I have set up a page with one item area. This is set to be a portlet on another page and act as a message board.
I wish to set up a group of users to maintain this message board, but restrict their access any further.
Setting a user up with 'Manage Content' on the Page properties almost does this. It allows them to Enter/Edit/Move or delete items but pretty much no more which is exactly the level of access I require.
What it doesn't allow, when they add or edit an Item, is the ability to change Access permissions.
The page has 'item level security' ticked, and a user with higher 'Manage' access can set access permissions on items, for example only allowing a certain group viewing an item, but it also allows them to manipulate the page which I do not want to permit.
Is it possible that 'Manage Content' level users can also set access on items?
Thanks.Resolved, it appears that access can be set after item creation using the edit. a little quirk.
Also I was trying to set access on an item created by the 'manage' user, which was beyond the 'manage content' users scope, and not a practical situation. -
Item Level Security, Portal 10.1.4, Search
I'm working on a project that uses ILS (item level security) in portal 10.1.4.
I need a custom search portlet that retrieves all the items that can be viewed by a certain group.
Explicitly, if there are 3 items: I1, I2, I3, and 3 groups G1, G2, G3, having the view permissions distributed like below:
for I1 - any user from G1 and G2
for I2 - any user from G2,
for I3 - any user from G1, G3
I want to be able to select all the items for a certain group - say G1 will retrieve I1 and I3 ; or G2 retrieves I1 and I2;
Can this be done in a custom jpdk portlet ? If not, is there any other alternative to achieve this ?
Thank you,
ClaudiuWell the URl is relative to the initial path and as a result you do not get the fully qualified URL.
This is done in this way to help create human readable URL's and thus should not be tied to a machine name and port and could be just xyz.com/..... -
Edit Folder link always is visible if Item Level Security is enabled
Hi,
When Item Level Security is enabled in a folder, it show the 'Edit Folder' link, instead if the user is not authenticated.
Does anybody know how to remove this link???
Thanks.We to have experienced this behavior. Is this a bug?
The Edit Link generated does not allow the user to "edit" any items, but shows the Administration link. This is not a good thing. This makes using Item Level Security very difficult, from the standpoint of User Interface and confusion.
We are looking into creating a portlet to dynamically generate an "Edit Folder" link to replace the current one. However, we have doubts this will work.
Dean
- Solaris
- Portal 3.0.9.8.2
- 8.1.7.3
(Awaiting Release 2!) -
How to use Item Level security
I am working on portal 9.0.2.6.18.
I have a folder with 1000 items. I want to grant groupA
access to 997 items and
(Group B,GroupA) access to 3 items.
How do i do this.
Here is what i tried:
1.enabled item level security on folder
2.granted folder level access to groupA and groupB
3.Changed access of 997 items to grant access to GroupA
4.Did nothing to the 3 items which i wanted to give access to GroupA,GroupB
Is there a better way of achieving this?
I am not really comfortable granting folder level access to groupB, because if i miss overwriting privileges of an item (in step 3), then groupB will have access to that item. I would love to change just 3 items because they are the exception.
How is this feature supposed to be used?
Thanks
HarishMartin,
Thanks for the reply. I just cited 1000 items folder as an example. We have various complex combination of security requirements for folders and items. So creating sub-folders for each combination will not work for me.
Everytime the security requirements change we have to move the items around, which can confuse users. And sometimes we have to create sub-folders to workaround the item-level security problems even when there is no logical business classification to a set of items.
Harish -
Hi forum,
I have a page group in portal 10.1.4 say pagegroupA with several sub pages beneath it. Item level security (ILS) has been enabled for the page group and the option display page to public is checked. I am trying to enable ILS such that if userA posts to any page in this pagegroup, he should be able to see only his content. Similarly, userB should be able to see only the content that he posts. UserA is a member of groupA and userB is a member of groupB. I am using the enable_ils_for_item and add_item_ils_privileges API to achieve this.
<p>
Wwsbr_Api.enable_ils_for_item( p_master_item_id => masterthingid, p_caid => pagegroupA_ID, p_folder_id => someSubPageInPagegroupA_ID );
portal.Wwsbr_Api.add_item_ils_privileges(
p_master_item_id => masterthingid,
p_caid => pagegroupA_ID,
p_folder_id => someSubPageInPagegroupA_ID,
p_itemview_group =>arrayOfgroupA_ID );
This seems to work in that when the user logs out of portal, the item is not displayed to the public. However, when userA logs in, he can see items posted by userB and vice versa (userB can see userA's items). Am I missing something either in the code, page group configuration or user setup?
ThanksI recommend you using the wwsbr_api only for managing content (that includes enabling the ILS for a page). But for assigning privileges to items, pages, whatever, I recommend using wwsec_api (set_user_acl, set_group_acl, etc). It is more reliable.
PS: This would be a good post for a more specific forum: Portal Developer Kit (PDK) -
Hello:
Requesting clarification on a Content API question in 10G
Using the APIs, I have created a Page and an item heirarchy in the same page. Now in order to assign item level security, I need to call the following API to "enable" item level security on the specified item -
wwsbr_api.enable_ils_for_item(
p_master_item_id => v_category_id2a
,p_caid => v_page_group_id
,p_folder_id => v_new_page_id);
However, this throws an exception wwsbr_api.ILS_DISABLED
meaning -
"The page does not allow Item Level Security.
Cannot add item specific privileges."
But, how do we programmatically "enable" the Page to have
Item level security. - analogous to checking the box in the Page edit mode for "Enable item level security"
Thanks
-AnanthI'd appeciate a reply as well. For now I've been using content as a PL/SQL stored procedure in a package and then wrapping is_logged_in code around it. It works but isn't cusomizable.
Maybe you are looking for
-
Service Manager 2012 R2 - Workflow Error - Event ID 4513
Hi, We started to suffer a Workflow error in Service Manager 2012 R2 2 weeks ago. We noticed through the failure of some SLOs not being applied on Work Items. The error is the follow: Log Name: Operations Manager Source: HealthService Dat
-
How to create a task flow in webcenter?
Hi There, I have a code fragment and that fragement is re-used across muliple pages in web center site. My requirment is to create a task flow based on this fragment. I found some links but all are referring w.r.t WebCenter Spaces, which I am not int
-
Segmentation fault: 11 After updating to Yosemite
com.apple.xpc.launchd[1]: (com.apple.FolderActions.enabled[31433]) Service exited due to signal: Segmentation fault: 11 Hi there. I keep getting these messages in my console log. Thousands of them. I'm just after updating Mountain lion to Yosemite an
-
CF 8 and prepared statement RETURN_GENERATED_KEYS
It seems that for CF 8 is using RETURN_GENERATED_KEYS when creating prepared statements. Is there any way to change this behavior?
-
Address book doesn't sync with Outlook 2011 for mac since installing Lion OSX.
Neither automatically nor manually. Can anyone help please?