Basic question about user accounts and site access

Next topic

Author	Message
Dan Parchman	Sunday 10 May 2009 10:52:15 am I am using the Web Interface package (ezwebin extension) "out of the box" to evaluate eZ Publish V4.1.1 for use in my company's web site. I have studied the book <i>Learning eZ publish 3: Building Content Management Solutions</i> along with the online v4 technical manual, and the two-part article that discusses using sections, policys, roles and user groups to control site access, and have searched these forums for answers to these questions to no avail. My questions: 1. Using the example data supplied with the ezwebin extension, if I add a user in the "Partners" user group, and log in to the site as this user, shouldn't navagation to the "Partners" area of the site be available to this user? It is not available. 2. Shouldn't this user have access to modify his profile? When "My Profile" is clicked I get --------------------------------- Error / kernel (1) Access denied You do not have permission to access this area. --------------------------------- 3. Shouldn't this user have the ability to add to the example forums? When I attempt to acces a forum I get --------------------------------- You need to be logged in to get access to the forums. You can do so here --------------------------------- Any help in understanding why this user has not inherited the "Partner" and "Member" roles along with the "Anonymous User" role will be appreciated. Regards, Dan Parchman Juniper Systems, Inc.
Łukasz Serwatka	Monday 11 May 2009 12:39:46 am Hi, Ad 1. It is working fine with 4.1.1. I have created user under Partner section then after user is logged in, I'm able to see and access the Partners subtree. Are you user you are logged in as Partner user and the user is in correct user group? Ad 2. Editing user profile as Partner user works fine too. Ad 3. Creating forum topics/posts as Partner user works too. I think you did not create user in the correct user group, that might be a reason. Members is default user group where users are register via user/register functionality. Partners is demo user group just to show possibility of protecting some parts of site from anonymous user. Personal website -> http://serwatka.net Blog (about eZ Publish) -> http://serwatka.net/blog
Dan Parchman	Tuesday 12 May 2009 3:07:16 pm Lukasz, Thank you for your reply. The user that I added is in the Partners user group, and has the assigned roles of Partner, Member and Anonymous. As I reported above, no Partner or Member rights are permitted this user when he logs into the site. I have also created a Member user through self-registration. The registration worked correctly, both the admin and the new member received the correct notification emails and the member was activated when the activation link was clicked in the member's email. However, this new member gets the same error (Access denied You do not have permission to access this area.) when he is logged in and clicks the "My Profile" top menu item. Any help in understanding why this is happening will be greatly appreciated. Regards, Dan Parchman Juniper Systems, Inc.
Olivier Moreau	Wednesday 13 May 2009 6:41:02 pm Hi, By coincidence, I was working on same issue, and not very please with existing documentaion so i made this one : For background info, check http://ez.no/doc/ez_publish/technical_manual/3_9/concepts_and_basics/access_control This is a simple guide to create different rights on a eZ publish site. A visitor becomes a novice, than a regular and at least a leader (using Kim's roles for Virtual Communities) 1) Visitor A visitor has the role of Anonymous which gives him very few rights beside viewing (reader) the site. Visitors are not visible in the administrator site. You can only see how many visitors in Administration / Sessions 2) Novice When the visitor register to become a novice, he immediately appears in the user group "Guest Accounts" He receives an email for confirmation if he follows the link his account is activated. Guests have the same rights (same role) than Anonymous but they are in a different view for easier management. If you check the Anonymous role, you'll notice that it contains both the Anonymous users and the Guest accounts. The administrator also receives an email to inform him of the creation of the new account. He should move the guest in the group Editors. This group corresponds to the role Editor. The novice editor doesn't have mush more rights than the visitor anonymous. He can post comments in blogs and forums but he cannot create or modify articles. This is already a good step because it reduces the need of moderation given comments are not anonymous. 3) Regular To allow a user to modify the content, it becomes a bit more tricky. Follow this procedure : a) Create a new user group, for instance the group Regular. b) Move the editor (or the guest) to this group. c) Go in the Role Anonymous and attribute the new group Regular without limitations. d) Go in the Role Administrator and attribute the new group (or a specific user of that group) with limitation to the subtree where he is allowed to make change. The subtree can be just one article or a frontpage. e) Repeat (d) for other section of the site like blogs and forums with the role Editor (or Administrator) This procedure is not very logical because in (c) you should use the Role Editor and you would not need (e). But that doesn't work for unknown reasons... 4) Leader The leaders can do everything on the site and they like to have a private place that cannot be reached by other users (including regulars). Follow this procedure : a) Move the user to the group Administrator users b) Create a new section, for instance the section Intranet. c) Create a frontpage that you call, for instance Intranet. d) Change the section of the new page from Standard to Intranet. Of course you can do more fancy stuff in eZ Publish, like creating new roles for new groups and new sections, but the basic three roles are sufficient for most needs.