Hi,
We are trying to achieve a scenario where documents could be reached in vault from a guest account. We want the guest user to login via the web interface. The guest should only have read access to some folders. This works fine, with one disadvantage. The guest account can browse all the folders where read access is denied. We'd like this improved, we really need to be able to create a read permission on directory level not only on file level. By the way, the folders are hidden when using the client application, they are only viewable via the web client.
We are using V2.0.6
Thanks,
Niklas
Hidden folders are viewable in web client
Moderator: SourceGear
Niklas,
When you set a user to have no permissions to a folder, that folder should not be browsable. If I understand your desired setup correctly, you would need to set the guest account to have default permissions of 0 (no read, no checkin, no delete) and then set the user to have read access just to the folders that you want them to see. Does that setup not work? Can you give me more specifics about how you have permissions set for the account? Does the security get applied correctly if you log in through the GUI client?
-Jeremy
When you set a user to have no permissions to a folder, that folder should not be browsable. If I understand your desired setup correctly, you would need to set the guest account to have default permissions of 0 (no read, no checkin, no delete) and then set the user to have read access just to the folders that you want them to see. Does that setup not work? Can you give me more specifics about how you have permissions set for the account? Does the security get applied correctly if you log in through the GUI client?
-Jeremy
Hi Jeremy,jeremy_sg wrote:Niklas,
When you set a user to have no permissions to a folder, that folder should not be browsable. If I understand your desired setup correctly, you would need to set the guest account to have default permissions of 0 (no read, no checkin, no delete) and then set the user to have read access just to the folders that you want them to see. Does that setup not work? Can you give me more specifics about how you have permissions set for the account? Does the security get applied correctly if you log in through the GUI client?
-Jeremy
The guest account is setup with access right to the repository,
Permissions are all default disabled,
A specific folder access is added
R $/Specifications Reposit
If I logon with the GUI client this works fine. I can only see the folder Specifications (other directories in root level aren't shown).
When I use the web client I can see all directories on root level and enter them and see the filenames. If i click on the version (on a file) link I get this message:
Code: Select all
Server Error in '/VaultService' Application.
--------------------------------------------------------------------------------
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
Code: Select all
Unable to display history items.
Error: FailPermissionDenied