11 Replies Latest reply on May 8, 2012 7:36 PM by 771390

    Site Studio Manager - Admins only?

      Can only Admins utilize the Site Studio Manager fragment? We have a need to allow contributors to update sections of the website, but we don't want to give them admin access to the content server. We are using Site Studio Designer and Content Server 11g.
        • 1. Re: Site Studio Manager - Admins only?
          ryan sullivan2
          any contributor should be able to access the SSManager fragment. it's up to how you provision it.

          That should be covered in the docs:

          deploying to a site:


          What have you tried and what issues have you run into? Please post any specifics about what you're trying to do, what you've done to try and make it work, and finally all errors and issues you're running into.

          Hope this info gets you there!

          • 2. Re: Site Studio Manager - Admins only?
            ryan sullivan2
            cross-post info:

            • 3. Re: Site Studio Manager - Admins only?
              Here is a little background: We are using jxplorer with LDAP (if you have suggestions on a better free LDAP tool I would love to hear it) to add users to roles and accounts. We use 11g for everything. I wrapped the fragment in idoc on the page template that matches the users accounts with the data file account, if they match than SSM is displayed.

              The problem is unless that user has the role of admin, they receive an error message in the SSM fragment "Node Access Denied". In the user admin applet (Permissions by Role), Contributor has the following permissions:

              "Code (R)"
              "Public (RWD)"
              "Secure (R)"

              The data file is Public, the Manager configuration settings file is public. As a test, I added Code (RW) to the role contributor but still received the same error message. Thoughts?
              • 4. Re: Site Studio Manager - Admins only?
                ryan sullivan2
                jxplorer is a fine client. http://directory.apache.org/studio/ is a good one as well, but a bit heavier footprint.

                Is the node accessible? The fragment should just be a part of a page. It seems that you're saying that a non-admin can access the page, which means that they can access the node in the project file & the CDF correctly.

                Your error is node-related, are you sure that your user has RW to the node that the SSManager is defaulting to show?

                Do you have any IsContributor or other security measures in place? if so, remove them for now to simplify your testing.

                • 5. Re: Site Studio Manager - Admins only?
                  Steve Hamilton
                  Check in Designer, in the properties pane, that the web site and the section property called Security is blank or set appropriately.
                  I had a client with a user that kept setting the web site security to their group and account and locking everyone else out.
                  • 6. Re: Site Studio Manager - Admins only?
                    You are very helpful, but still no luck. The user can update, add content, save and close the contribution region of the node with no issues. I checked in SSD and the security section for each node is blank. We don't have any IsContributor in the general configs of the admin server, tho as info, we have DefaultAccounts=#all(R),#none(R) set.
                    • 7. Re: Site Studio Manager - Admins only?
                      ryan sullivan2
                      hmmm.. besides posting your error logs to verify that there are no other errors, it could be that your SSManager config file has the Contributor only option set.. but that doesn't match with the node error you posted.

                      Are you 100% sure that the node access error is related to the SSManager loading? Are there any js errors?

                      Are you sure there are no priv errors coming from the section hierarchy being shown in the Manager?

                      At this point, I would try to create a new top-level section of your site and add only the manager. Start over and remove all possible variables. There shouldn't be too many hurdles in getting the Manager up & running.

                      • 8. Re: Site Studio Manager - Admins only?
                        Gosh, nope still no love. The error logs have the "Node Access Denied" in them and I can post the details of the error if that helps. I don't think it's a js error because if I make the user an admin, or login with my admin id, everything works correctly.

                        I created a brand new section, with a new page template, didn't work. So I created a brand new test website. Brand new home page template, new sections, new manager config file. I didn't add anything but manager to it. At first I assigned the page template and the manager config file to security group: code and account: system, but that didn't work. Changed everything to security group: public and account: uprr. Still same error. I think maybe I will open up a Oracle SR and see if they can find something you and I haven't been able to. I really appreciate the help. I will let ya know the outcome.

                        Many thanks!

                        Oh here is the error, just in case:

                        Event generated by user 'XMIE534' at host 'omhx78:987000'. Node access denied. [ Details ]
                        An error has occurred. The stack trace below shows more information.

                        intradoc.common.ServiceException: !csSSNodeNoAccess
                        at sitestudio.SSHierarchyServiceHandler.verifyNodeSecurity(Unknown Source)
                        at sitestudio.SSHierarchyServiceHandler.verifyNodeSecurity(Unknown Source)
                        at sitestudio.SSHierarchyServiceHandler.getCustomNodePropertyDefs(Unknown Source)
                        at sitestudio.SSHierarchyServiceHandler.getCustomNodePropertyDefs(Unknown Source)
                        at sitestudio.SSHierarchyServiceHandler.getCustomNodePropertyDefs(Unknown Source)
                        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                        at java.lang.reflect.Method.invoke(Method.java:597)
                        at intradoc.common.IdcMethodHolder.invokeMethod(IdcMethodHolder.java:86)
                        at intradoc.common.ClassHelperUtils.executeMethodReportStatus(ClassHelperUtils.java:324)
                        at intradoc.server.ServiceHandler.executeAction(ServiceHandler.java:79)
                        at intradoc.server.Service.doCodeEx(Service.java:532)
                        at intradoc.server.Service.doCode(Service.java:504)
                        at intradoc.server.ServiceRequestImplementor.doAction(ServiceRequestImplementor.java:1622)
                        at intradoc.server.Service.doAction(Service.java:476)
                        at intradoc.server.ServiceRequestImplementor.doActions(ServiceRequestImplementor.java:1439)
                        at intradoc.server.Service.doActions(Service.java:471)
                        at intradoc.server.ServiceRequestImplementor.executeActions(ServiceRequestImplementor.java:1371)
                        at intradoc.server.Service.executeActions(Service.java:457)
                        at intradoc.server.ServiceRequestImplementor.doRequest(ServiceRequestImplementor.java:723)
                        at intradoc.server.Service.doRequest(Service.java:1865)
                        at intradoc.server.ServiceManager.processCommand(ServiceManager.java:435)
                        at intradoc.server.IdcServerThread.processRequest(IdcServerThread.java:265)
                        at intradoc.idcwls.IdcServletRequestUtils.doRequest(IdcServletRequestUtils.java:1332)
                        at intradoc.idcwls.IdcServletRequestUtils.processFilterEvent(IdcServletRequestUtils.java:1678)
                        at intradoc.idcwls.IdcIntegrateWrapper.processFilterEvent(IdcIntegrateWrapper.java:221)
                        at sun.reflect.GeneratedMethodAccessor163.invoke(Unknown Source)
                        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                        at java.lang.reflect.Method.invoke(Method.java:597)
                        at idcservlet.common.IdcMethodHolder.invokeMethod(IdcMethodHolder.java:87)
                        at idcservlet.common.ClassHelperUtils.executeMethodEx(ClassHelperUtils.java:305)
                        at idcservlet.common.ClassHelperUtils.executeMethodWithArgs(ClassHelperUtils.java:278)
                        at idcservlet.ServletUtils.executeContentServerIntegrateMethodOnConfig(ServletUtils.java:1592)
                        at idcservlet.IdcFilter.doFilter(IdcFilter.java:330)
                        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
                        at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:94)
                        at java.security.AccessController.doPrivileged(Native Method)
                        at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
                        at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:414)
                        at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:138)
                        at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
                        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
                        at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
                        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
                        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
                        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
                        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
                        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
                        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
                        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
                        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
                        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
                        at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
                        • 9. Re: Site Studio Manager - Admins only?
                          ryan sullivan2
                          I would set the secgrp and account to the most ootb options possible.

                          Also, your error still appears to point to node security which is the Security setting you put onto the project file folder/node. This is in the "Properties" section, typically the lower left corner, of the Site Studio Designer. There are two 'security' properties. one is in the "web site properties" and the other is in the "section properties".

                          Let us know how it turns out!

                          • 10. Re: Site Studio Manager - Admins only?
                            I double checked the Properties section of the newly created web site. In Site Studio Designer in the Properties pane, in the web site properties section, the security is blank as well as in the section properties, the security is blank. This is the same for the original web site I started with.

                            I tried setting the security group to public with no accounts and still didn't work. I appreciate your help! Keep ya posted.
                            • 11. Re: Site Studio Manager - Admins only?
                              It turns out we had our security and ldap configured the 10g way. We have updated our R&D env with the 11g security model and everything seems to be working accordingly.

                              Thanks for your help!