This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Portals and Portlets and the fly likes Issues in Portlet and Page permission Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Portals and Portlets
Bookmark "Issues in Portlet and Page permission" Watch "Issues in Portlet and Page permission" New topic

Issues in Portlet and Page permission

Vinu Neelambaran

Joined: Nov 22, 2010
Posts: 3

I'm facing some issues in Portlet and Page permission, please help..

- Logged-in as admin user

- Created a role named "Test Role"

- Created a user named "Katy"

- Assigned "Test Role" to Katy. Removed Power User role.

- I have created a page named "Dashboard" and provided the 'View' permission thru' Manage > Page > Permissions to 'Test Role'

- Added a portlet named "My Test Portlet" to the dashboard page

- Clicked on "Configuration" button in the title bar of the portlet. Assigned 'View' permission to "Test Role"

- User Katy logged-in, she was able to view the "My Test Portlet". This is fine.

- Again logged-in as admin user, using the configuration button of "My Test Portlet" removed the "View" permission from "Test Role"

- User katy logged-in, she was shown the error message "Access denied". This is fine.

- Logged-in as admin user and the page permission of "Dashboard" was changed to "Update"

- User Katy logs-in and she is able to view the "My Test Portlet" which is not correct.

Even though there is no view permission for "Test Role", Katy was able to access the portlet because the page permission has "Update". This means portlet permission is overridden by page permission which is incorrect. Please let me know if I have done anything wrong.

I'm using Liferay CE 6.0.4.

I agree. Here's the link:
subject: Issues in Portlet and Page permission
Similar Threads
Spring security in same project by two separate user entities(Customer & User table)
Assigning Portlet permission to a Role
Removing of the JBOSS Catch for Custom Login Module when Roles changes
[Liferay] Protect portlet