Hello I hope someone can help me.
We need to limit access to our payment page to one login as we want to reduce risk of hacks coming via email gaining access to one of our editors’ logins and changing the bank account details on the page.
I have created a user group and access control list. I have assigned the page to the relevant resource group.
I tried logging in with another login but I could still edit the payment page.
What am I doing wrong?
Thank you for any help you can give me!
I suppose it is in the MODX manager that you want to limit access?
What ACLs did you create?
I believe you have to give one user group access to that resource group in the “mgr” context, to restrict the access for other user groups.
Be sure to clear the site cache and logout all users before testing any changes to permissions.
Thank you, I will check both recommendations.
Hello again, still struggling to resolve this: can limit access to the page for users with lower permissions but the Administrator can still edit the page?
I need the Administrator to view only and limit access for others but not be able to edit the page.
Make sure the Admin is not a sudo
user and is not a member of any of the User Groups that can edit the page.
Letting the Admin view the page but not edit it is tricky. It would be easy to let the Amin view the page only in the front end. To do it in the Manager, I think you’d have to create a new User Group with Just the Admin in it, and connect that to the page’s Resource Group with a Resource Group ACL entry in the ‘mgr’ context, but with a Policy that had Load, List and View, but not Edit, Save, or Delete, checked.