How to create a restricted area on your homepage

From OpenCms Wiki
Revision as of 13:34, 3 September 2015 by Paul (Talk | contribs)
Jump to: navigation, search

How to create members-only areas or protected files/folders by requiring a valid username and password.

If your site contains resources that should not be open to the general public, you can use OpenCms' Permissions mechanism to add password-protection on the specific resources. This way, visitors will not be granted access unless they can provide a valid username and password.

You can use this to protect single files, or you can create members-only areas, by tuning permissions on the parent folder(s).

NOTE: The steps described here are for a single user, but should work just as well for a group.


Contents

Create your user / group

Create a web/guest user (we'll call it "myuser" here).

Typically, this user should be created either in the existing Guests group, or a dedicated custom group (we'll call it "mygroup"). Also, the new user should typically have the role "No role", meaning it cannot be used to access to the OpenCms workplace.


Tune guest access

On the resource you want to protect, open the "Permissions" dialog from the context menu.

On the guests group (Guests) settings: check "Overwrite inherited" and uncheck all permissions. Then click the "Set" button.

Unchecking means setting the permissions to "Unset", which is like a "weak deny", that - unlike "deny" - can be overridden by an "allow".

Guests: ?r ?w ?c ?d ?v (all unset)

The affected resource(s) should now be inaccessible to the public; Anyone requesting an affected resource will be prompted for a username and password.

Tune user/group access

Grant read/view access to the newly created user:

myuser: +r -w -c -d +v

... OR, if you're using a dedicated group, you can set the same permissions for the group instead:

mygroup: +r -w -c -d +v

That's it. For more info, see the documentation of OpenCms permissions.


How ACLs in OpenCms 6 work, in general

(This is by Alexander Kandzior, from the mailing list.)

Important: Forget about the group "inheritance" feature. Just make sure all groups you create are NOT in parent / child relationship with any other group.

Let's say you have folder "/folderA/".

Let's also say you have a group "GroupB" and a group "GroupC".

Members of these groups are also in group "Users" since they must be using the workplace.

Let's say you want "/folderA/" accessible only for "GroupB", NOT for "GroupC".

Do it like this:

Open the "Permissions" dialog on the context menu:

  1. Add the "Users" group from the list of groups. Leave all boxes unchecked EXCEPT "overwrite inherited". This must be checked. Press "Set". You have now removed all permissions of the "Users" group on the folder. To verify this, check the permissions of any file in the folder using the permission dialog. It should show NO permissions "()" for the users group.
  2. Now add "GroupB" on the permission screen of "/folderA/". Give "GroupB" the permissions you require, e.g. "read" and "write". Click set.

Now users of "GroupC" should not be able to view the "/folderA/" anymore in the workplace, they have no read access to it etc.

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox