Relevance: Write permissions granted via roles

Paul_Curran · November 19, 2014, 3:50pm

Hi all,

Is there a way, using session relevance, to identify custom sites that a given user might have write permissions on?

From what I can see, write permissions granted via a roles do not show up in the writer property of the bes site inspector.

e.g.

I create a new custom site - “siteX”
I create a new role - “roleX”
(Master Operator?: No, Custom Content: Yes, Other Actions: Yes, Unmanaged Assets: None)
I grant writer permission to “siteX” in “roleX”
I assign “roleX” to a non-master operator, “userX”

Now if I evaluate this session relevance:

names of writers of bes custom sites whose( name of it = "siteX" )

I do not see “userX” appear in the response, even though that permission has been granted to that user.

Any idea why? Or how I might otherwise find out what custom sites a user might have write access to by means of roles assigned to them?

Cheers,
Paul.

ottumm · November 19, 2014, 11:12pm

You should be able to get a list of all operators, roles, and LDAP groups that have permissions for a given site using the REST API’s site resource. The query would be a GET to:

https://{server}:{port}/api/site/{site type}/{site name}/permissions

Paul_Curran · November 20, 2014, 10:17am

Okay - thanks for the update Mike.

-Paul.

jgstew · November 26, 2014, 8:03pm

I agree that this is an issue. I do have needs to do this in relevance that the REST API won’t satisfy.

It does seem like an oversight that writers of a site granted by a role do not show up in the results of the writers inspector.

ottumm · December 11, 2014, 8:44pm

I also agree that it’s an issue – didn’t mean to imply otherwise, was just giving a workaround.

We are tracking this internally as bug #65542.