Question

Derek Dalton

0

Security Role on Editing Block on Person Profile

I have set the security on a block on the Person Profile to Deny All Users under EDIT (of course not RSR - Rock Administration), but the security role can still edit the Attributes on the block. What am I missing? Is there something I need to set in the Entity Administration or Rest Controllers? Hoping this is a duh moment. Thanks in advance.

  • Jim Michael

    0

    It can be confusing, but setting the security on the Attribute Values block like that does not control the edit *function* of that block... it controls whether or not you can edit the block itself. To control the editing of the attributes, you need to go to Admin Tools | General Settings | Person Attributes and click the lock next to each attribute you need to change the rights on. Add your deny rule there, and the role/user will lose the ability to edit that attribute.

    As long as ANY attribute in the Attribute Values block is editable, you will see the edit pencil, but if all attributes within are not editable, the pencil goes away.

  • David Leigh

    0

    This does appear to be confusing behavior.
    As Jim has mentioned in his answer, it is possible to control the security of individual Attributes.
    However, like Derek I would expect that disabling Edit permission on the block would render the entire content as read-only, regardless of the individual Attribute permissions.

    Jim, I'm not sure what you mean when you say that the Edit permission "controls whether or not you can edit the block itself"?
    Perhaps I'm misinterpreting, but I would have thought that making changes to the actual block content would require Administrate permissions rather than Edit?

    This looks like it might be a bug, so my suggestion would be to log an issue on GitHub for further investigation/clarification of the expected behavior.

    • Jim Michael

      What I meant was that there's a distinction (in my mind, anyway) between editing "the block" vs. editing the attributes within the block. This is seen when you remove edit right to the block... When doing so you lose the ability to arrange the order of the attributes (because that's editing the block's behavior itself), but it does nothing to prevent you from editing attributes you have edit rights to via the attribute itself.


      I guess this seemed like expected behavior to me because I never needed to control access to attributes via the attribute values block, but maybe it is a bug.