Problem with permissions for admin users

Some time ago we set up simple edit interfaces and asset builders for our site so content managers could add documents and edit pages.
The content managers were set up with the appropriate permissions.



Last week we finished our migration of our intranet into Matrix and applied the appropriate permissions for the admin and Staff (normal) user groups (all brought in via an LDAP bridge).

Since then, content managers (who appear in both the Staff user group and the admin user group) can't edit pages, despite the fact that they have admin rights and could edit them before. This is the case even in the corporate site, where permissions have not changed. I was able to find a temporary workaround by giving all staff write permission.



Problem: no content in the WYSIWYG editor when they go to edit via simple edit interface.



The other thing is that the only way I was able to get admins to be able to have a listing of where they could upload documents to in the media folder in the asset builder form was to give the media folder public write permissions.



Neither the simple edit nor the asset builder permissions are satisfactory. Can anyone identify why we may be having this problem? :angry:

LDAP users will lose their permissions if they are moved around within your directory. If permissions are assigned for an LDAP group, check the group name is still the same, and the users are still within the same group. If permissions are assigned to an LDAP user, you will see an "Unknown LDAP user" in the asset map, and on the permissions screen for that asset (if the user has been moved).


In addition to this, I believe there may be an issue where a particular LDAP user is a member of more than one group, in that the permissions of one group override the other. I know this can be an issue when using more than one LDAP bridge, but I'm not sure if it applies otherwise.

[quote]LDAP users will lose their permissions if they are moved around within your directory. If permissions are assigned for an LDAP group, check the group name is still the same, and the users are still within the same group. If permissions are assigned to an LDAP user, you will see an "Unknown LDAP user" in the asset map, and on the permissions screen for that asset (if the user has been moved).


In addition to this, I believe there may be an issue where a particular LDAP user is a member of more than one group, in that the permissions of one group override the other. I know this can be an issue when using more than one LDAP bridge, but I'm not sure if it applies otherwise.[/quote]



Hmmmmm?

So does that mean that if I have LDAP users in the Staff group I can't have the same LDAP users in the Admin group and have them be able to edit the site?

Would I have to create individual backend or admin users via Matrix so those users can also use the admin features in Matrix? (In which case they'd have to have a separate login to do the admin.)

or

Could I just pull the users out of the LDAP list a second time and link them to the admin group? (I think that's how I did it in the first place.)

[quote]Hmmmmm?
So does that mean that if I have LDAP users in the Staff group I can't have the same LDAP users in the Admin group and have them be able to edit the site?[/quote]



If the groups are User Group assets in Matrix, then you can have the same LDAP users in the Admin and Staff groups while they still have the ability to edit the site.



If the groups are LDAP Groups, then I'm unsure.



I wasn't sure from your post which kind of group you were using.

[quote]If the groups are User Group assets in Matrix, then you can have the same LDAP users in the Admin and Staff groups while they still have the ability to edit the site.


If the groups are LDAP Groups, then I'm unsure.



I wasn't sure from your post which kind of group you were using.[/quote]



It seems that the access issues are separate. I may have resolved the simple edit problem but I'm still having an issue with the "Dynamic" create locations drop-down (sorry for not clearly identifying what was going on) not showing anything in the asset builder unless write permissions for the parent location are set to public.



The users have no trouble adding assets through the Matrix admin so it must be to do with the system.



Any clues?

I came across a similar problem before; it was because the client has multiple LDAP bridges set up and Matrix uses the order listed under LDAP Authentication (System Management > Authentication Systems > LDAP Authentication).


For example, you have 2 LDAP bridges set up in your Matrix System, ldap1 and ldap2 (maybe connecting to different servers with replication logic on the same LDAP directory). You grant permission to a group in ldap2. LDAP users logging into Matrix will be via the ldap1 bridge, and therefore do not have permission to edit the page.



This can be totally irrelevant to the problem you are having though.

Which version of Matrix are you running? There was an issue in a particular version where Matrix didn't expand group memberships for LDAP Users correctly, so permissions were not being calculated properly. This has been resolved in the latest version (v3.14.1), so it may be worth upgrading to see if this resolves your issue.
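
An added example, not written by any poster in this thread and not Squiz Matrix code: a small audit that checks permission grants against a directory snapshot for the two failure modes described above, grants left pointing at a DN that has moved and grants made through a bridge that users do not log in via. The data model (grants keyed by bridge plus DN, first-match bridge order) and all names and DNs are constructed assumptions.

```python
# Constructed model for illustration; not Matrix's schema or API.
BRIDGE_ORDER = ["ldap1", "ldap2"]  # assumed order bridges are tried at login
U_JS = "uid=jsmith,ou=Comms,dc=example,dc=org"
U_AK = "uid=akhan,ou=Web,dc=example,dc=org"
G_STAFF = "cn=Staff,ou=Groups,dc=example,dc=org"
G_ADMIN = "cn=Admins,ou=Groups,dc=example,dc=org"

# Constructed snapshot of what each bridge currently exposes.
DIRECTORY = {
    "ldap1": {"users": {U_JS, U_AK}, "groups": {G_STAFF: {U_JS, U_AK}}},
    "ldap2": {"users": {U_JS}, "groups": {G_ADMIN: {U_JS}}},
}

# Constructed permission grants: (asset, bridge, DN of user or group, level).
GRANTS = [
    ("Media folder", "ldap2", G_ADMIN, "write"),
    # Granted before jsmith was moved from ou=Web to ou=Comms.
    ("Intranet home", "ldap1", "uid=jsmith,ou=Web,dc=example,dc=org", "write"),
    ("Intranet home", "ldap1", G_STAFF, "read"),
]


def login_bridge(user_dn):
    """Return the first bridge in BRIDGE_ORDER that knows this user."""
    for bridge in BRIDGE_ORDER:
        if user_dn in DIRECTORY[bridge]["users"]:
            return bridge
    return None


def audit_grants(grants=GRANTS):
    """List grants that can no longer take effect, with the reason."""
    findings = []
    for asset, bridge, dn, _level in grants:
        snap = DIRECTORY[bridge]
        if dn not in snap["users"] and dn not in snap["groups"]:
            findings.append((asset, dn, "orphaned"))  # moved or renamed
            continue
        # A user grant is checked as a group of one.
        for member in sorted(snap["groups"].get(dn, {dn})):
            via = login_bridge(member)
            if via != bridge:
                findings.append((asset, member, f"granted via {bridge}, logs in via {via}"))
    return findings


if __name__ == "__main__":
    for finding in audit_grants():
        print(finding)
```

Running an audit like this before loosening permissions shows which grant is broken, so the fix can be a corrected grant rather than public or all-staff write access.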