"View only" security role

Question

0

"View only" security role

Hock_Hin Lee posted 4 Years Ago

Is there a "View Only" security role? i.e. the user with this role can only view the contents in Rock but not change it in any way.

If there is no such role, how easy is it to create such a role?

1
- Jeremy Hoff replied 4 Years Ago
Have you tried creating a read only role?
Yes :-)
Cannot login, I think because no rights to page after successful login. Tried to add Read Only role to the page after login, but that page cannot configure for security. Did I do something wrong?
Nothing wrong, just need to do more. For example, the site has security as well and you'll want to add the new Role there with "View" rights under Rock > CMS > Sites. This is because the default "All Users" role is "Deny" for the internal site.
Edit Answer

<blockquote>Have you tried creating a read only role?</blockquote>Yes :-)<blockquote>Cannot login, I think because no rights to page after successful login. Tried to add Read Only role to the page after login, but that page cannot configure for security. Did I do something wrong?</blockquote>Nothing wrong, just need to do more. For example, the site has security as well and you'll want to add the new Role there with "View" rights under Rock > CMS > Sites.  This is because the default "All Users" role is "Deny" for the internal site.
<blockquote>Have you tried creating a read only role?</blockquote>Yes :-)<blockquote>Cannot login, I think because no rights to page after successful login. Tried to add Read Only role to the page after login, but that page cannot configure for security. Did I do something wrong?</blockquote>Nothing wrong, just need to do more. For example, the site has security as well and you'll want to add the new Role there with "View" rights under Rock > CMS > Sites.  This is because the default "All Users" role is "Deny" for the internal site.
<blockquote>Have you tried creating a read only role?</blockquote>Yes :-)<blockquote>Cannot login, I think because no rights to page after successful login. Tried to add Read Only role to the page after login, but that page cannot configure for security. Did I do something wrong?</blockquote>Nothing wrong, just need to do more. For example, the site has security as well and you'll want to add the new Role there with "View" rights under Rock > CMS > Sites.  This is because the default "All Users" role is "Deny" for the internal site.
Save Cancel
Hock_Hin Lee

4 years ago

Thanks so much. This has got me started on a good footing.
0
- Jeremy Hoff replied 4 Years Ago
Hi Hock,
Setting up a "Read Only" role is doable. I'll say that "contents of Rock" is a pretty broad term... lots of attributes, entities, places that focus on security I'm not sure which content you're referring. You may need to setup a role and define the areas specifically...
Edit Answer

Hi Hock,Setting up a "Read Only" role is doable. I'll say that "contents of Rock" is a pretty broad term... lots of attributes, entities, places that focus on security I'm not sure which content you're referring.  You may need to setup a role and define the areas specifically...
Hi Hock,Setting up a "Read Only" role is doable. I'll say that "contents of Rock" is a pretty broad term... lots of attributes, entities, places that focus on security I'm not sure which content you're referring.  You may need to setup a role and define the areas specifically...
Hi Hock,Setting up a "Read Only" role is doable. I'll say that "contents of Rock" is a pretty broad term... lots of attributes, entities, places that focus on security I'm not sure which content you're referring.  You may need to setup a role and define the areas specifically...
Save Cancel
Hock_Hin Lee

4 years ago

As a starting point, how to setup a role to view only the Person Profile Page. Where to begin with the setup? Thanks

Hock_Hin Lee

4 years ago (edited 4 years ago)

A clarification after playing with security roles for some time,
I want to allow the user to view the data of people in Rock, but not able to change any of the data about these people
0
- Hock_Hin Lee replied 4 Years Ago
Jeremy, sorry to bother you again.
I managed to create a Read Only Role, assigned to a user and it works! However, in the Smart Search section, the drop down list (as you enter info into the search field) does not appear. The Smart Search still works AFTER I press the Enter key, but no interactive drop down list. I could not find the place to increase permission for this feature
Edit Answer

Jeremy, sorry to bother you again.I managed to create a Read Only Role, assigned to a user and it works!  However, in the Smart Search section, the drop down list (as you enter info into the search field) does not appear.  The Smart Search still works AFTER I press the Enter key, but no interactive drop down list.  I could not find the place to increase permission for this feature <img style="width: 25%;" src="/Content/RockExternal/Users/LeeHockHin/Smart Search drop down list 2020-02-14 100704.png" alt="Smart Search drop down list 2020-02-14 100704.png"> 
Jeremy, sorry to bother you again.I managed to create a Read Only Role, assigned to a user and it works!  However, in the Smart Search section, the drop down list (as you enter info into the search field) does not appear.  The Smart Search still works AFTER I press the Enter key, but no interactive drop down list.  I could not find the place to increase permission for this feature <img style="width: 25%;" src="/Content/RockExternal/Users/LeeHockHin/Smart Search drop down list 2020-02-14 100704.png" alt="Smart Search drop down list 2020-02-14 100704.png"> 
Jeremy, sorry to bother you again.I managed to create a Read Only Role, assigned to a user and it works!  However, in the Smart Search section, the drop down list (as you enter info into the search field) does not appear.  The Smart Search still works AFTER I press the Enter key, but no interactive drop down list.  I could not find the place to increase permission for this feature <img style="width: 25%;" src="/Content/RockExternal/Users/LeeHockHin/Smart Search drop down list 2020-02-14 100704.png" alt="Smart Search drop down list 2020-02-14 100704.png"> 
Save Cancel
Hock_Hin Lee

4 years ago

Found the answer. Added my new Read Only Role to the Search Controller within the Security > REST Controllers > Security Lock/permissions

Jeremy Hoff

4 years ago

That's great! Thank you very much for sharing that hint!

Jeremy Hoff · Accepted Answer · 2020-02-10T21:37-07:00

1

Jeremy Hoff replied 4 Years Ago

As a starting point, how to setup a role to view only the Person Profile Page. Where to begin with the setup? Thanks

Start in Rock > Security > Security Roles and create a new role titled "Read-Only".
Then on the Person Details page, edit the Page Security to include "View" for the new roll "Read-Only"
Then edit Block Security for each Block to include "View" access for the new roll "Ready-Only".

This is the safest way I can think of. Alternatively, you could copy the "Staff-Like" Security Role and then edit security to /remove/ Edit access where needed... this will speed the role creation but removing security means extra vigilance.

I'll give a nod to Jim Michaels excellent "Demystifying Rock Security" subscription video, which can help in more ways that just this: https://community.rockrms.com/subscriptions/rx2019

I hope that helps!

Edit Answer

<blockquote>As a starting point, how to setup a role to view only the Person Profile Page. Where to begin with the setup? Thanks</blockquote>Start in Rock &gt; Security &gt; Security Roles and create a new role titled "Read-Only". Then on the Person Details page, edit the Page Security to include "View" for the new roll "Read-Only" Then edit Block Security for each Block to include "View" access for the new roll "Ready-Only".This is the safest way I can think of. &nbsp;Alternatively, you could copy the "Staff-Like" Security Role and then edit security to /remove/ Edit access where needed... this will speed the role creation but removing security means extra vigilance.I'll give a nod to Jim Michaels excellent "Demystifying Rock Security" subscription video, which can help in more ways that just this: <a href="https://community.rockrms.com/subscriptions/rx2019" target="_blank">https://community.rockrms.com/subscriptions/rx2019&nbsp;</a>I hope that helps!

<blockquote><p>As a starting point, how to setup a role to view only the Person Profile Page. Where to begin with the setup? Thanks</p></blockquote><p>Start in Rock &gt; Security &gt; Security Roles and create a new role titled "Read-Only".<br>Then on the Person Details page, edit the Page Security to include "View" for the new roll "Read-Only"<br>Then edit Block Security for each Block to include "View" access for the new roll "Ready-Only".</p><p>This is the safest way I can think of. &nbsp;Alternatively, you could copy the "Staff-Like" Security Role and then edit security to /remove/ Edit access where needed... this will speed the role creation but removing security means extra vigilance.</p><p>I'll give a nod to Jim Michaels excellent "Demystifying Rock Security" subscription video, which can help in more ways that just this: <a href="https://community.rockrms.com/subscriptions/rx2019" target="_blank">https://community.rockrms.com/subscriptions/rx2019&nbsp;</a></p><p>I hope that helps!</p>

<blockquote><p>As a starting point, how to setup a role to view only the Person Profile Page. Where to begin with the setup? Thanks</p></blockquote><p>Start in Rock &gt; Security &gt; Security Roles and create a new role titled "Read-Only".<br>Then on the Person Details page, edit the Page Security to include "View" for the new roll "Read-Only"<br>Then edit Block Security for each Block to include "View" access for the new roll "Ready-Only".</p><p>This is the safest way I can think of. &nbsp;Alternatively, you could copy the "Staff-Like" Security Role and then edit security to /remove/ Edit access where needed... this will speed the role creation but removing security means extra vigilance.</p><p>I'll give a nod to Jim Michaels excellent "Demystifying Rock Security" subscription video, which can help in more ways that just this: <a href="https://community.rockrms.com/subscriptions/rx2019" target="_blank">https://community.rockrms.com/subscriptions/rx2019&nbsp;</a></p><p>I hope that helps!</p>

Save Cancel

Hock_Hin Lee

4 years ago (edited 4 years ago)

Created the Read Only role, added role to Person Detail page, assigned role to user.
Cannot login, I think because no rights to page after successful login. Tried to add Read Only role to the page after login, but that page cannot configure for security. Did I do something wrong?

BTW, I am testing these on version 7.6
Hock_Hin Lee

4 years ago (edited 4 years ago)

Looking at the Page Security for the Person Details page, I noticed that only Administrators are allowed to Edit and/or Administrate. Yet, User with Staff Like Workers role can Edit the person's data.

The Security help notes for the Edit tab goes like this:-
The roles and/or users that have access to edit blocks on this page or any child page, when those block or pages don't specifically define security for the current user (i.e. when this page is used as a 'parent authority').

My interpretation of Edit from the text above is Editing the blocks and fields on the page, and NOT about Editing the data contents of the fields. Have you tried creating a read only role?

Question

0

"View only" security role

1

1

0

0