Hi guys,
All of our users set up in matrix are backend LDAP users. This allows us to use the single sign on option. We have over 350 active users as well so managing their accounts as matrix users would be asking for punishment.
Most of these users only have write permissions and are just considered our web curators. They edit content and an admin approves and makes live.Our coordinators have admin permissions to their assets.
The question is - is there anyway via preferences that we can stop certain user groups using tools in matrix. Or even stop them seeing the assets map.
What I’m hoping for is if they stumble into admin - they won’t be able to tinker.
Question for the LDAP users!
fuzzi81
#1
Douglas
(Douglas (@finnatic at @waikato))
#2
Does your SSO mechanism enable you to secure content on the server in any way? Our SSO works both for identifying users and checking their group membership - and we use the latter to restrict access to _admin, _edit and other urls.
I'm not sure it would work, but for hiding the asset map I wonder if you could set the global preferences for asset map width to something low (like 0?) and then have a group with it set higher for those users you want to be able to see the asset map.
fuzzi81
#3
Thanks Douglas! That’s a quick get around for users incase they get into admin to at least throw them a little. If they know the asset numbers they could search. But anythings better than nothing!!!
Could you give a little more about your SSO options. Are you using active directory?
quimby
(Tim Davison)
#4
One thing I do is only apply permissions for 'write' users from the site down, not from top-level folders (we nest sites under folders in the root). So if they do get into the admin interface they see the asset map and it's all red x's. Of course doesn't prevent those savvy enough from typing in an id in the search box, etc, but it blocks the average user that's gotten too clever for their own good.
Douglas
(Douglas (@finnatic at @waikato))
#5
Could you give a little more about your SSO options. Are you using active directory?
I'll send you some details via PM.
fuzzi81
#6
Thanks Tim and Douglas - yep they only get permissions from the site asset down so there is a heap of crosses so they can’t actually access other assets if they get in there. But it then throws the question of what is this interface???