Restricting writing rights by category inside a workspace

Anonymous 2018-11-29 · le 27/03/14 à 10:48


In our JCMS 7.1.3 intranet site, we are associating a certain group of "contributors" to a given workspace, and then giving them writing rights to a set of content types. After that, we restrict the "category use rights" and the "category editor rights" to a given set of categories.

It seems that the members of this group have the rights to modify every publication of the content types in the workspace (according to the writing rights), even if they don't belong to the categories set for the group.

Is it possible to change this behavior somehow, so that the writing rights affect only to publications in a set of categories?

Thanks in advance!

4 pts
Olivier Jaquemet · le 27/03/14 à 10:57

Hello David, 

If I correctly understand your need, the feature you are looking is provided by the Category Rights Plugin :

This plugin provides a new read access policy for the publications. This policy propagates the category rights to the publications. A publication is not visible for a member if it uses at least one category this member cannot access. 

0 pt
Anonymous 2018-11-29 · le 27/03/14 à 11:04

Hello Olivier,

Thanks for your reply. We are actually using the Category Rights Plugin (version 2.0.2) already. However, as far as I understood, it's rather related to read access, not to writing rights. Is it possible to configure it to handle writing rights too?


You are absolutely correct.

There is no equivalent feature for the writing rights (natively or through plugin).

PS: I highly recommend you to upgrade your Category Rights plugin to the latest version of the plugin which include an important security fix, the security contact identified for your organization should have received an alert on march 11.

Olivier Jaquemet · le 27/03/14 à 11:11

In that case, which alternative do you suggest? We have considered creating separate workspaces for different groups. Would there be some simpler option?

PS: Do you refer to this security alert?

Anonymous 2018-11-29 · le 27/03/14 à 12:35

You could develop your own mechanism using customs DataController and RightPolicyFilter, however be aware that this is not a trivial task.
I'm sorry but I do not have any easy solution for your need.

PS : no this is not this message which refers to a data corruption bug. Another security alert was sent earlier to a restricted set of contacts in charge of security in their organization. I quickly checked and apparently no one is referenced at your company. Please get in touch with our professional services to register a dedicated security contact for that purpose, this person will then have access to earlier alert and will be notified in the future.

Olivier Jaquemet · le 27/03/14 à 12:47
0 pt