Limit Access to Specific Pages - Bloomreach Experience - Open Source CMS

Limit Access to Specific Pages

Goal

Protect a part of the protected channel with more specific required roles

Example

Assume you have the setup done as described in Add a Preview Channel and Limit Access, but now besides that the user must

  1. Authenticate
  2. have role staff

you also require a part of the preview to be only accessible for uber staff users. Thus http://localhost:8080/site/mypreview can be accessible by any authenticated user in role staff, but now you also need to make sure that http://localhost:8080/site/mypreview/blogs is only accessible for a specific group of users. This can be realized as follows assuming you have the archetype setup and added blogs feature. 

Navigate to /hst:myproject/hst:configurations/myproject/hst:sitemap/blog and to the blog sitemap item add:

hst:roles = uberstaff

Now, as a result, an authenticated user that is in role staff but not in role uberstaff will get a 403 unauthorized when accessing /blog or a sub URL below /blog.

For the users that need to be able to access /blogs, make sure that they are in a group that have 

site.uberstaff, site.staff

or add this userrole explicitly to specific users.

 

Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?