Hi.
I’m turning crazy with mgr limited editors permisions.
After adding all the site resources to a resource group called AllDocs and protecting it, I have put 2 of the resources (of type collection) (ex. News and Offers), within a resource group called EditorsViewOnly.
I have created an ACL for those assigned to the Editors user group, with permissions only for add_children, load, list and view.
So far, so good: Editors only see the News and Offers resources in the manager, and they can create children but not edit, delete or publish neither News nor Offers.
The problem comes from removing the settings permission in the ACL from the context access of the Editors, so that they cannot see the system settings menu in the manager.
Doing that, when Editors try to create a child resource, a white page with error " An error occurred… Denied access" appear. But, if they doit with Quick Create, it work perfectly…the modal window appear and the resource can be created.
So I’m going crazy (more, if possible) trying to find out why the settings permission is violated with the normal creation of a child that is not violated with quick creation.
May be another way to hide Configuration Menu for Editors?
Thanks.
Are there any TVs on that resource or assigned template which might lack permissions to view/edit?
Yes, but…
I have them hidden in the custom forms for the editors, and I’ve created access permissions to the respective elements categories (for the Editors user group).
But no success.
I’ve even tried a new template without access to any template variables (and setting it as the default template).
It didn’t work either.
To clarify, do you refer to the ability to got to system settings (the cog wheel in the top right) or the settings tab in a resource?
System Settings (the cog wheel in the top right). Permission name settings
Are you able to go to the access policy for this user type, sort the Enabled column decending so that it groups all the selected permissions at the top and take a screen grab so we can see what you have enabled? It might take a few screen grabs to get them all. Or you can select the text from the grid and paste it here. See the example below. This is a content editor that has limited permissions.
change_profile
User can change their profile.
class_map
To view a list of classes in the Class Map.
countries
To view a list of countries.
delete_document
To delete or remove any Resource.
edit_document
To edit any Resources.
frames
To use the MODX Manager UI at all.
googleanalytics
To view the Google Analytics data.
help
To view the Help page.
home
To view the Welcome page.
list
Basic permission to "list" any object. List means to get a collection of objects.
load
Basic permission to "load" any object, or be able to return it as an instance at all.
logout
To be able to logout as a user.
menu_reports
Show the top menu item "Reports".
menu_site
Show the top menu item "Site".
menu_support
Show the top menu item "Support".
menu_tools
Show the top menu item "Tools".
menu_user
Show the top menu item "User".
new_document
To create a new Resource.
resource_duplicate
To duplicate a Resource.
resource_tree
To view the Resource Tree in the left nav.
save_document
To save any Resources.
source_view
To view and list Media Sources.
tree_show_resource_ids
Show the IDs in the Resource tree.
view
Basic permission to "view" any object.
view_document
To view any Resources.
view_template
To view any Templates.
It’s dificult to copy but easy to explain. With a duplicate of the default Administrator polici, with all permissions checked but the settings one (not checked) the problem appears.
about
The About page.
access_permissions
Any Access Permission-related pages and actions.
actions
The Actions page.
change_password
User can change their user password.
change_profile
User can change their profile.
charsets
To view a list of charsets.
class_map
To view a list of classes in the Class Map.
components
To view the Extras menu.
content_types
The Content Types page.
countries
To view a list of countries.
create
Basic "create" access on new objects.
credits
View the Credits page.
customize_forms
View and manage the Form Customization page.
dashboards
View and manage Custom Dashboards.
database
The System Info page.
database_truncate
The ability to truncate a database table.
delete_category
To delete or remove any Categories.
delete_chunk
To delete or remove any Chunks.
delete_context
To delete or remove any Contexts.
delete_document
To delete or remove any Resource.
delete_eventlog
To empty the Event Log.
delete_plugin
To delete or remove any Plugins.
delete_propertyset
To delete or remove any Property Sets.
delete_role
To delete or remove any Roles.
delete_snippet
To delete or remove any Snippets.
delete_template
To delete or remove any Templates.
delete_tv
To delete or remove any Template Variables.
delete_user
To delete or remove any Users.
directory_chmod
To chmod a physical directory.
directory_create
To create a physical directory.
directory_list
To list subdirectories for a physical directory.
directory_remove
To remove a physical directory.
directory_update
To rename a physical directory.
edit_category
To edit any Categories.
edit_chunk
To edit any Chunks.
edit_context
To edit any Contexts.
edit_document
To edit any Resources.
edit_locked
Allows a user to override a lock and edit a locked Resource.
edit_plugin
To edit any Plugins.
edit_propertyset
To edit any Property Sets.
edit_role
To edit any Roles.
edit_snippet
To edit any Snippets.
edit_template
To edit any Templates.
edit_tv
To edit any Template Variables.
edit_user
To edit any User.
element_tree
The ability to view the Elements Tree on the left nav.
empty_cache
To empty the site cache.
error_log_erase
To erase the error log.
error_log_view
To view the error log.
events
To view any System Events.
export_static
To export the site to static HTML.
file_create
To create a file.
file_list
To list files within a given physical directory.
file_manager
To use the file manager utility.
file_remove
To remove physical files.
file_tree
To view the Files Tree on the left nav.
file_unpack
To extract zip archives.
file_update
To update the content of physical files.
file_upload
To upload files to a directory.
file_view
To view the contents of a file.
flush_sessions
Can flush Sessions across the site.
formit
To view the formit package.
formit_encryptions
To view the formit package, encriptions part.
frames
To use the MODX Manager UI at all.
help
To view the Help page.
home
To view the Welcome page.
import_static
To view or use the Import pages.
languages
To edit or view Lexicon Languages.
lexicons
To edit or view Lexicons and Internationalization.
list
Basic permission to "list" any object. List means to get a collection of objects.
load
Basic permission to "load" any object, or be able to return it as an instance at all.
logout
To be able to logout as a user.
logs
To view the logs, such as error and manager logs.
menu_reports
Show the top menu item "Reports".
menu_security
Show the top menu item "Security".
menu_site
Show the top menu item "Site".
menu_support
Show the top menu item "Support".
menu_system
Show the top menu item "System".
menu_tools
Show the top menu item "Tools".
menu_trash
Show the top menu item "Trash Manager".
menu_user
Show the top menu item "User".
menus
To edit or save any top Menu items.
messages
To send or view any personal Messages.
namespaces
To edit or view Namespaces.
new_category
To create a new Category.
new_chunk
To create a new Chunk.
new_context
To create a new Context.
new_document
To create a new Resource.
new_document_in_root
To be able to create a Resource at the root level.
new_plugin
To create a new Plugin.
new_propertyset
To create a new Property Set.
new_role
To create a new Role.
new_snippet
To create a new Snippet.
new_static_resource
To create a new Static Resource.
new_symlink
To create a new SymLink.
new_template
To create a new Template.
new_tv
To create a new Template Variable.
new_user
To create a new User.
new_weblink
To create a new WebLink.
packages
To use any Transport Packages in the Package Management system.
policy_delete
To delete an Access Policy.
policy_edit
To edit an Access Policy.
policy_new
To create a new Access Policy.
policy_save
To save an Access Policy.
policy_template_delete
To delete an Access Policy Template.
policy_template_edit
To edit an Access Policy Template.
policy_template_new
To create a new Access Policy Template.
policy_template_save
To save an Access Policy Template.
policy_template_view
To view an Access Policy Template.
policy_view
To view an Access Policy.
property_sets
To view and edit Properties and Property Sets.
providers
To view and edit Providers across the site.
publish_document
To publish or unpublish any Resource.
purge_deleted
To empty the Recycle Bin.
remove
Basic permission to remove any object.
remove_locks
To remove all existing Locks throughout the site.
resource_duplicate
To duplicate a Resource.
resource_quick_create
To be able to use Quick Create Resource in the left-hand tree.
resource_quick_update
To be able to use Quick Update Resource in the left-hand tree.
resource_tree
To view the Resource Tree in the left nav.
resourcegroup_delete
To delete a Resource Group.
resourcegroup_edit
To edit a Resource Group.
resourcegroup_new
To create a new Resource Group.
resourcegroup_resource_edit
To edit Resources in a Resource Group.
resourcegroup_resource_list
To view or list Resources in a Resource Group.
resourcegroup_save
To save a Resource Group.
resourcegroup_view
To list Resource Groups.
save
Basic save permission for any object.
save_category
To save any Categories.
save_chunk
To save any Chunks.
save_context
To save any Contexts.
save_document
To save any Resources.
save_plugin
To save any Plugins.
save_propertyset
To save any Property Sets.
save_role
To save any Roles.
save_snippet
To save any Snippets.
save_template
To save any Templates.
save_tv
To save any Template Variables.
save_user
To save any Users.
search
To use the Search page.
set_sudo
To make any User sudo.
source_delete
To delete a Media Source.
source_edit
To edit a Media Source.
source_save
To create or save a Media Source.
source_view
To view and list Media Sources.
sources
To manage Media Sources and Media Source Types.
steal_locks
To "steal" locks, overriding a current lock on a Resource.
tree_show_element_ids
Show the IDs in the Elements tree.
tree_show_resource_ids
Show the IDs in the Resource tree.
undelete_document
To undelete any Resource.
unlock_element_properties
To be able to edit the default properties for any Element.
unpublish_document
To unpublish any Resources.
usergroup_delete
To delete a User Group.
usergroup_edit
To edit a User Group.
usergroup_new
To create a new User Group.
usergroup_save
To save a User Group.
usergroup_user_edit
To edit Users in a User Group.
usergroup_user_list
To view or list Users in a User Group.
usergroup_view
To view a User Group.
view
Basic permission to "view" any object.
view_category
To view any Categories.
view_chunk
To view any Chunks.
view_context
To view any Contexts.
view_document
To view any Resources.
view_element
To get a list of Elements or Element classes.
view_eventlog
To view the Event Log.
view_offline
To be able to view the site when it is in offline status.
view_plugin
To view any Plugins.
view_propertyset
To view any Property Sets.
view_role
To view any Roles.
view_snippet
To view any Snippets.
view_sysinfo
To view the system info page.
view_template
To view any Templates.
view_tv
To view any Template Variables.
view_unpublished
To view any unpublished Resources.
view_user
To view any User.
workspaces
To use Package Management.
Oh, wow. That’s odd. I assume you’re using 2.7.3? This sounds like a bug, to be honest.
Yes, using 2.7.3.
I don’t know … I’m doing a fresh install to test the same thing with no extra installed. I still think it is due to some extra … Although I have already disabled all plugins … and nothing change.
Proven … in a cool installation it works as expected. So it’s not a Modx bug…(?)
Site check reports all green, 0 errors… but it still fails
Finally SOLVED 
…a bad entry in table modx_menus, Batcher Extra menu was with permissions = settings. I don’t know why, but that was the problem, after remove it, everything turn to function normally. 
Thanks!
2 Likes