posted on 11:21 - 03 July 2009 | posted by Lev
You may have noticed while browsing your site that, depending on your configuration, certain things seem accessible to you even though you are certain they are not enabled or permitted.
The reason is probably a simple one: nothing is actually wrong, but there is a setting you aren't aware of.
Theia has a passive admin permission (117) for "override access", which is enabled for the "administrator" group by default.
With this permission, all services are treated as enabled for you, and any module access checks, section access checks or item access checks are treated as passed. It does not affect admin permissions, as this would cause a serious security risk.
It also means you are always granted access when an access list check is performed. In other words, if a member on your site restricts their blog's access to only their friends, you will still have access with this setting enabled, even if you are not their friend.
If you are in a situation where you want to be sure that the permission scheme is working properly, try disabling this permission before testing. It's also a good idea to clear your site's cache.






