Jahia in English > Make Jahia User...

0 (0 Good)
0 (0 Bad)

Make Jahia User non-visible to the admin of another virtual site

by  yozhag »  2013/10/28 20:50

Hi Everyone,

 

We have a requirement that every virtual site should have its set of users which will not be visible to the admins of another virtual site.

I know that documentation http://www.jahia.com/files/live/sites/jahiacom/files/documentation/6.61/en/Jahia6.61_AdminGuide.pdf says that all the virtual sites share the same users.

So does it mean that it's not possible to avoid this kind of security issues or there are some workarounds that I'm not aware of?

 

Any comments/suggestions will be helpful.

Thanks.

 

  (yozhag)

Number of messages  1
Registration date
0 (0 Good)
0 (0 Bad)

Re: Make Jahia User non-visible to the admin of another virtual site

by  faissah »  2013/11/04 21:44

Hi,

It is currently not possible to have different set of users visible for different site administrators on a same Jahia Instance. It seems that to slove this security issue, you would have to have different Jahia instances.

Regards,

Fabrice  (faissah)

Number of messages  262
Registration date
0 (0 Good)
0 (0 Bad)

Re: Re: Make Jahia User non-visible to the admin of another virtual site

by  theklem »  2013/11/05 07:23

Hi, it's not a real security issue in itself, knowing that a user, until affected to a group has no rights on a website. And groups are managed at site level.

So the only issue is the ability for power users when picking users to add them in groups or granting ACLs to be able to see the complete user list; Those admins don't have access to private info on this users, but can see their logins, first names and last names.

In a multisite context, if sites does not belong to the same company and if you need completely isolated sites, this can be a shortcoming. We're currently working to add a filtering option in user-pickers (GUI to sleect users) to dispaly only a subset of users based an a specific property. This improvement will be available in the next version (Q1 2014)

  • Re: Re: Make Jahia User non-visible to the admin of another virtual site
    2013/11/05 07:23

    theklem <p> Hi, it&#39;s not a real security issue in itself, knowing that a user, until affected to a group has no rights on a website. And groups are managed at site level.</p> <p> So the only issue is the ability for power users when picking users to add them in groups or granting ACLs to be able to see the complete user list; Those admins don&#39;t have access to private info on this users, but can see their logins, first names and last names.</p> <p> In a multisite context, if sites does not belong to the same company and if you need completely isolated sites, this can be a shortcoming. We&#39;re currently working to add a filtering option in user-pickers (GUI to sleect users) to dispaly only a subset of users based an a specific property. This improvement will be available in the next version (Q1 2014)</p>

  • Number of messages  85
    Registration date Nov 5, 2013
    Contact
    Share
    Feedback

    Get in touch

    Whether you are a current user or if you are just evaluating Jahia, we are here to help.

    Contact us

    Share this page