Public
More
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
kgroneman
Boss
‎01-15-2019 04:03 PM
‎01-15-2019 04:03 PM

Roles: I need a better understanding

I've read a few posts/articles on roles and this is the most comprehensive one I've found.   

If I understand it correctly, role assignments in categories, sub categories, etc. are only additive.   They can't restrict.    For example if a role at the community level gives permission to "read posts" but not "submit posts" the following is true at a lower level:

  • I can add the "submit posts" permission
  • I can not remove the "read posts" permission

Is that correct?  I'm making that assumption based on what I'm seeing.  I have a specific category I don't want people with a specific role to see/access.   I create the role at that category level and set all permissions to NO.  However, when I switch to a user with that role, I can still see/access that category.  They have no other roles.  How do I do this?  I think I'm being stupid here. 

 

--
Community manager in the Micro Focus Community. My computer always used to beat me at chess, but it is no match for me now I changed the competition to kick boxing.
0 Kudos
14 Replies 14
lilim
Boss
‎01-15-2019 04:30 PM
‎01-15-2019 04:30 PM

Hi @kgroneman -

Are the default permissions for your community set so that "read posts" is granted? If so, try leaving the permission set to "default" for this special role, rather than setting it to grant. (See example below of permissions for a moderator role.)

examplepermissions.png

Also -

Are the default permissions for the category also set to deny?

Have you tried removing the role and then checking for that category?

----------------------------------

Lili McDonald
Community Manager @ Amazon
Connect on LinkedIn
kgroneman
Boss
In response to lilim
‎01-16-2019 09:26 AM
‎01-16-2019 09:26 AM

Hi @lilim    Thanks for the reply.   Here are the default permissions in the areas I want to block a specific role from seeing:2019-01-16 08_15_35-Community Settings - Micro Focus Community.png

Here are the permissions for the role I want to block:2019-01-16 08_22_03-Community Settings - Micro Focus Community.png

Yet I switch to a user that has that role, and I can still access this area so obviously I'm not understanding how this works.    They have access to the parent category and sibling categories.  I just want to block them from this one. 

--
Community manager in the Micro Focus Community. My computer always used to beat me at chess, but it is no match for me now I changed the competition to kick boxing.
0 Kudos
lilim
Boss
In response to kgroneman
‎01-16-2019 12:49 PM
‎01-16-2019 12:49 PM

For the Knowledge Partner role at the board level, you could try moving the read posts permissions to "deny" rather than the "default". While it is also set to deny, it might be overridden by the permissions at the community level.

----------------------------------

Lili McDonald
Community Manager @ Amazon
Connect on LinkedIn
kgroneman
Boss
In response to lilim
‎01-16-2019 03:53 PM
‎01-16-2019 03:53 PM

Ok..did that.  It made no difference.   I just don't understand why I can't block this role here.  The user has no other roles that has access to these private areas. 

--
Community manager in the Micro Focus Community. My computer always used to beat me at chess, but it is no match for me now I changed the competition to kick boxing.
lilim
Boss
In response to kgroneman
‎01-16-2019 05:07 PM
‎01-16-2019 05:07 PM

Have you tried deleting that role from the board level and the category level (if possible)?

----------------------------------

Lili McDonald
Community Manager @ Amazon
Connect on LinkedIn
CarolineS
Boss
In response to kgroneman
‎01-16-2019 05:33 PM
‎01-16-2019 05:33 PM

Have you confirmed that the roles you create are actually sticking? I had an issue a few weeks ago where my roles would always revert back to the default permissions after I saved them.

Support fixed this via some sort of configuration change that had to be deployed in the maintenance window.

CarolineS
Boss
In response to lilim
‎01-16-2019 05:49 PM
‎01-16-2019 05:49 PM

Perhaps there's a name mismatch between the community-level role and the category-level role - e.g. two spaces accidentally in one of the versions of the name? I like @lilim's suggestion of deleting the role (maybe both roles) and trying again.

kgroneman
Boss
In response to CarolineS
‎01-17-2019 08:31 AM
‎01-17-2019 08:31 AM

@lilim  I've deleted the role at the category level and recreated it twice.  @CarolineS  when I recreated it I copied/pasted the role name, and it's not a complicated role name so I'm certain there isn't a name mismatch.  I think it's time I open a support case and ask them to look at it and tell me why it isn't working.  Thanks a LOT for trying to help me figure this one out.  I'll post back here when support tells me what bonehead thing I'm doing to make it so this doesn't work.

--
Community manager in the Micro Focus Community. My computer always used to beat me at chess, but it is no match for me now I changed the competition to kick boxing.
DanK
Boss
In response to kgroneman
‎01-17-2019 07:13 PM
‎01-17-2019 07:13 PM

Is it possible to reverse the logic of having this role exclude this location and rather have a role that allows the location, which is disabled by default.

We have several employee only or superuser only locales within Community. These are explicitly granted via a role rather than, as in your case, revoked.

Welcome to the Technology board!

Curious about our platform? Looking to connect on social technology? You've come to the right place!

Are you a Khoros customer? For direct assistance from our Support team, please visit the Support Forum.