If you are unable to create a new account, please email support@bspsoftware.com

 

How to disable Dashboard feature by default

Started by Eag. E, 24 Apr 2020 04:33:21 AM

Previous topic - Next topic

Eag. E

Hi Gurus, I want to disable Dashboard by default, whereas I set only one group of user to use it. At the very beginning I gave all "authenticated user" deny Dashboard, and gave only the right group to enable Dashboard, then I found if DENY has been applied, no other rules can be preformed.
That's your suggestion, thanks

MFGF

Quote from: Eag. E on 24 Apr 2020 04:33:21 AM
Hi Gurus, I want to disable Dashboard by default, whereas I set only one group of user to use it. At the very beginning I gave all "authenticated user" deny Dashboard, and gave only the right group to enable Dashboard, then I found if DENY has been applied, no other rules can be preformed.
That's your suggestion, thanks

Hi,

Adding a specific Deny for any user/group/role overrides access granted elsewhere, so this is not the way to go. The way security works is that any user gets the sum of all capabilities granted to them (ie of all groups and roles they belong to), unless something is specifically denied. What you need here is an implicit deny - ie the users do not have the capability granted.

You need to identify what groups and roles your users belong to, and then for each, remove the 'allow' for dashboards. Make sure you remove the capability for the Everyone group and the All Authenticated Users group too (it's easy to overlook these).

Once the capability has been removed from all users, groups and roles, add it back in for just the one group you need dashboard access for.

Cheers!

MF.
Meep!

Eag. E

Quote from: MFGF on 24 Apr 2020 07:06:51 AM
Hi,

Adding a specific Deny for any user/group/role overrides access granted elsewhere, so this is not the way to go. The way security works is that any user gets the sum of all capabilities granted to them (ie of all groups and roles they belong to), unless something is specifically denied. What you need here is an implicit deny - ie the users do not have the capability granted.

You need to identify what groups and roles your users belong to, and then for each, remove the 'allow' for dashboards. Make sure you remove the capability for the Everyone group and the All Authenticated Users group too (it's easy to overlook these).

Once the capability has been removed from all users, groups and roles, add it back in for just the one group you need dashboard access for.

Cheers!

MF.

Thanks MF. :)