Hi there!
I am trying to figure out how I can protect certain resources from deletion
My clients are very creative and I need to kind of restrict them a little hehe
I have been trying to create a Resource Group and add the resources to it. But I havenât managed to set it right yet⌠you know some nice tutorials maybe? I will look through the documentation again, but I find it hard to get a hang of it.
Im actually having a similar issue like in the link you send.
Did this:
So I created a user-group, called admin, and added client-user as âmemberâ to it.
I then created an access policy called âadmin content editorâ and gave it rights to delete stuff.
Then in âcontext accessâ I gave web and mgr this content editor access policy with a minimal user role of âmemberâ.
Created a resource group called âAdmin Editorâ
Within the admin usergoup I changed Resource Group acccess by adding âAdmin Editorâ with an access policy of âload, view, listâ and min user role of member.
Consequence: The client can delete all he likes (even if a resoruce is part of resoruce group âAdmin Editorâ)
â> When I turn it around (so I change Context Access to policy âload, list, viewâ and in Resource Group access to âResourceâ), then the client cannot remove anything at all.
Imo, itâs usually easier to apply permissions if you put people with different access needs in different user groups. It makes it a lot simpler understand and to diagnose problems.
Once the user has been removed from the group youâre in and put in another group, you can change the policy in the ACL entry that lets that group use the Manager.
Duplicate the Administrator policy, and in that duplicate policy, uncheck all the delete_*** permissions. Also uncheck access_permissions (so they canât change their own security level and yours). Uncheck any other permissions you donât want them to have.
Then use that policy in the Context Access ACL entry for that user group for the âmgrâ context.
That will prevent them from deleting anything anywhere in the Manager without needing resource groups.