Khoros Community

Highlighted
Esteemed Contributor
Esteemed Contributor

Roles: I need a better understanding

Jump to solution

I've read a few posts/articles on roles and this is the most comprehensive one I've found.   

If I understand it correctly, role assignments in categories, sub categories, etc. are only additive.   They can't restrict.    For example if a role at the community level gives permission to "read posts" but not "submit posts" the following is true at a lower level:

  • I can add the "submit posts" permission
  • I can not remove the "read posts" permission

Is that correct?  I'm making that assumption based on what I'm seeing.  I have a specific category I don't want people with a specific role to see/access.   I create the role at that category level and set all permissions to NO.  However, when I switch to a user with that role, I can still see/access that category.  They have no other roles.  How do I do this?  I think I'm being stupid here. 

 

--
Community manager in the Micro Focus Community. My computer always used to beat me at chess, but it is no match for me now I changed the competition to kick boxing.
Tags (2)
0 Kudos
14 Replies 14
Honored Contributor Honored Contributor
Honored Contributor

Re: Roles: I need a better understanding

Jump to solution

Hi @kgroneman -

Are the default permissions for your community set so that "read posts" is granted? If so, try leaving the permission set to "default" for this special role, rather than setting it to grant. (See example below of permissions for a moderator role.)

examplepermissions.png

Also -

Are the default permissions for the category also set to deny?

Have you tried removing the role and then checking for that category?

----------------------------------

Lili McDonald
Community Manager @ National Instruments


Reply
Loading...
Esteemed Contributor
Esteemed Contributor

Re: Roles: I need a better understanding

Jump to solution

Hi @lilim    Thanks for the reply.   Here are the default permissions in the areas I want to block a specific role from seeing:2019-01-16 08_15_35-Community Settings - Micro Focus Community.png

Here are the permissions for the role I want to block:2019-01-16 08_22_03-Community Settings - Micro Focus Community.png

Yet I switch to a user that has that role, and I can still access this area so obviously I'm not understanding how this works.    They have access to the parent category and sibling categories.  I just want to block them from this one. 

--
Community manager in the Micro Focus Community. My computer always used to beat me at chess, but it is no match for me now I changed the competition to kick boxing.
0 Kudos
Reply
Loading...
Honored Contributor Honored Contributor
Honored Contributor

Re: Roles: I need a better understanding

Jump to solution

For the Knowledge Partner role at the board level, you could try moving the read posts permissions to "deny" rather than the "default". While it is also set to deny, it might be overridden by the permissions at the community level.

----------------------------------

Lili McDonald
Community Manager @ National Instruments


Reply
Loading...
Esteemed Contributor
Esteemed Contributor

Re: Roles: I need a better understanding

Jump to solution

Ok..did that.  It made no difference.   I just don't understand why I can't block this role here.  The user has no other roles that has access to these private areas. 

--
Community manager in the Micro Focus Community. My computer always used to beat me at chess, but it is no match for me now I changed the competition to kick boxing.
0 Kudos
Reply
Loading...
Honored Contributor Honored Contributor
Honored Contributor

Re: Roles: I need a better understanding

Jump to solution

Have you tried deleting that role from the board level and the category level (if possible)?

----------------------------------

Lili McDonald
Community Manager @ National Instruments


Reply
Loading...
Honored Contributor
Honored Contributor

Re: Roles: I need a better understanding

Jump to solution

Have you confirmed that the roles you create are actually sticking? I had an issue a few weeks ago where my roles would always revert back to the default permissions after I saved them.

Support fixed this via some sort of configuration change that had to be deployed in the maintenance window.

----
Caroline Sekar | Community Manager @ Cisco Meraki | @merakicaroline
Reply
Loading...
Honored Contributor
Honored Contributor

Re: Roles: I need a better understanding

Jump to solution

Perhaps there's a name mismatch between the community-level role and the category-level role - e.g. two spaces accidentally in one of the versions of the name? I like @lilim's suggestion of deleting the role (maybe both roles) and trying again.

----
Caroline Sekar | Community Manager @ Cisco Meraki | @merakicaroline
Reply
Loading...
Esteemed Contributor
Esteemed Contributor

Re: Roles: I need a better understanding

Jump to solution

@lilim  I've deleted the role at the category level and recreated it twice.  @CarolineS  when I recreated it I copied/pasted the role name, and it's not a complicated role name so I'm certain there isn't a name mismatch.  I think it's time I open a support case and ask them to look at it and tell me why it isn't working.  Thanks a LOT for trying to help me figure this one out.  I'll post back here when support tells me what bonehead thing I'm doing to make it so this doesn't work.

--
Community manager in the Micro Focus Community. My computer always used to beat me at chess, but it is no match for me now I changed the competition to kick boxing.
0 Kudos
Reply
Loading...
Honored Contributor Honored Contributor
Honored Contributor

Re: Roles: I need a better understanding

Jump to solution

Is it possible to reverse the logic of having this role exclude this location and rather have a role that allows the location, which is disabled by default.

We have several employee only or superuser only locales within Community. These are explicitly granted via a role rather than, as in your case, revoked.

Reply
Loading...