I'm facing some issues in Portlet and Page permission, please help..
- Logged-in as admin user
- Created a role named "Test Role"
- Created a user named "Katy"
- Assigned "Test Role" to Katy. Removed Power User role.
- I have created a page named "Dashboard" and provided the 'View' permission thru' Manage > Page > Permissions to 'Test Role'
- Added a portlet named "My Test Portlet" to the dashboard page
- Clicked on "Configuration" button in the title bar of the portlet. Assigned 'View' permission to "Test Role"
- User Katy logged-in, she was able to view the "My Test Portlet". This is fine.
- Again logged-in as admin user, using the configuration button of "My Test Portlet" removed the "View" permission from "Test Role"
- User katy logged-in, she was shown the error message "Access denied". This is fine.
- Logged-in as admin user and the page permission of "Dashboard" was changed to "Update"
- User Katy logs-in and she is able to view the "My Test Portlet" which is not correct.
Even though there is no view permission for "Test Role", Katy was able to access the portlet because the page permission has "Update". This means portlet permission is overridden by page permission which is incorrect. Please let me know if I have done anything wrong.