I recently updated my instance to 7.7.6 hoping to roll out devolved authoring to the business (about 100 users need to update content) using user groups. I have noticed three issues that I would like to understand/resolve.
1) I have a use case where news lives at the third level of the site. Many of the articles need to link out to other nodes in the site that may be higher in the content tree. If you set the start node at the news node level (3) then the links dialog lookup is security trimmed to only allow linking at point of the start node or its child nodes. I guess this is by design but in my opinion unnecessary as whilst I agree setting a start node should restrict authorship there is no risk of allowing linking. To get round this issue you have add a start node that is at the root of the site and grant browse permissions to the group, which is an OK solution. But this is where my next issue begins.
2) Having set a browse only group at the root node to allow linking from child nodes I now need to introduce a set a second group to allow greater permissions for the new articles. For my site the start node for news is at level 3. However, having already created the first group with start node at a root (a higher level) all nodes from the highest point get granted the same permissions as the lowest group (therefore everyone in the group can publish the entire site now). This i think/hope is a bug as it kind of defits the purpose of layering group permission? It appears to take the lowest and trumps the previous.
3) Lastly, having set a second group on news with greater permissions. It only sets it for the start node and not its children if the node is setup as list i.e. it doesn't cascade permissions to the child nodes. Before 7.7.X there was a checkbox which would allow you to cascade the permissions of the parent to all child nodes of the parent list. As news articles are frequently added I can't use granular permissions to control it but I can't find the replace child permission option anyway.
Given these fundamental problems I wonder if something odd has happened during the upgrade? Has anyone else experienced the same behaviour?
Any comments or advice would be gratefully received.
User group permissions - what has gone wrong
Hi,
I recently updated my instance to 7.7.6 hoping to roll out devolved authoring to the business (about 100 users need to update content) using user groups. I have noticed three issues that I would like to understand/resolve.
1) I have a use case where news lives at the third level of the site. Many of the articles need to link out to other nodes in the site that may be higher in the content tree. If you set the start node at the news node level (3) then the links dialog lookup is security trimmed to only allow linking at point of the start node or its child nodes. I guess this is by design but in my opinion unnecessary as whilst I agree setting a start node should restrict authorship there is no risk of allowing linking. To get round this issue you have add a start node that is at the root of the site and grant browse permissions to the group, which is an OK solution. But this is where my next issue begins.
2) Having set a browse only group at the root node to allow linking from child nodes I now need to introduce a set a second group to allow greater permissions for the new articles. For my site the start node for news is at level 3. However, having already created the first group with start node at a root (a higher level) all nodes from the highest point get granted the same permissions as the lowest group (therefore everyone in the group can publish the entire site now). This i think/hope is a bug as it kind of defits the purpose of layering group permission? It appears to take the lowest and trumps the previous.
3) Lastly, having set a second group on news with greater permissions. It only sets it for the start node and not its children if the node is setup as list i.e. it doesn't cascade permissions to the child nodes. Before 7.7.X there was a checkbox which would allow you to cascade the permissions of the parent to all child nodes of the parent list. As news articles are frequently added I can't use granular permissions to control it but I can't find the replace child permission option anyway.
Given these fundamental problems I wonder if something odd has happened during the upgrade? Has anyone else experienced the same behaviour?
Any comments or advice would be gratefully received.
is working on a reply...