Sitecore EXM Security Issues
Hide the create list column in the sitecore exm for particular users.
We tried to add restrictions in core database the text is hiding still it showing the icon.
Is there any way to hide the icon also.
exm permissions
edited 2 hours ago
Gatogordo
11.1k21555
asked 4 hours ago
Manikanta
162
add a comment |
Hide the create list column in the sitecore exm for particular users.
We tried to add restrictions in core database the text is hiding still it showing the icon.
Is there any way to hide the icon also.
exm permissions
edited 2 hours ago
Gatogordo
11.1k21555
asked 4 hours ago
Manikanta
162
Which item have you changed access to in core database?
– Marek Musielak
3 hours ago
ListFromFile Item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/HyperlinkButtons/ListFromFile and ListFromFileBylineText item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Text/ListFromFileBylineText
– Manikanta
3 hours ago
Couple thoughts here. This isnt a "Security Issue". I would reword the title. Secondly, those menu items are really all about ListManager, not EXM. If you look in List Manager you see the same options, just titled differently. I believe List Manager does have roles to control access to List Manager functions, but it wont hide the menu in EXM. As Marek mentions in his answer, any solution to hide is hacky and not recommended.
– Pete Navarra
5 mins ago
add a comment |
Hide the create list column in the sitecore exm for particular users.
We tried to add restrictions in core database the text is hiding still it showing the icon.
Is there any way to hide the icon also.
exm permissions
edited 2 hours ago
Gatogordo
11.1k21555
asked 4 hours ago
Manikanta
162
Hide the create list column in the sitecore exm for particular users.
We tried to add restrictions in core database the text is hiding still it showing the icon.
Is there any way to hide the icon also.
exm permissions
exm permissions
edited 2 hours ago
Gatogordo
11.1k21555
asked 4 hours ago
Manikanta
162
edited 2 hours ago
Gatogordo
11.1k21555
asked 4 hours ago
Manikanta
162
edited 2 hours ago
Gatogordo
11.1k21555
edited 2 hours ago
Gatogordo
11.1k21555
edited 2 hours ago
Gatogordo
11.1k21555
11.1k21555
asked 4 hours ago
Manikanta
162
asked 4 hours ago
Manikanta
162
asked 4 hours ago
Manikanta
162
162
Which item have you changed access to in core database?
– Marek Musielak
3 hours ago
ListFromFile Item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/HyperlinkButtons/ListFromFile and ListFromFileBylineText item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Text/ListFromFileBylineText
– Manikanta
3 hours ago
Couple thoughts here. This isnt a "Security Issue". I would reword the title. Secondly, those menu items are really all about ListManager, not EXM. If you look in List Manager you see the same options, just titled differently. I believe List Manager does have roles to control access to List Manager functions, but it wont hide the menu in EXM. As Marek mentions in his answer, any solution to hide is hacky and not recommended.
– Pete Navarra
5 mins ago
add a comment |
Which item have you changed access to in core database?
– Marek Musielak
3 hours ago
ListFromFile Item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/HyperlinkButtons/ListFromFile and ListFromFileBylineText item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Text/ListFromFileBylineText
– Manikanta
3 hours ago
Couple thoughts here. This isnt a "Security Issue". I would reword the title. Secondly, those menu items are really all about ListManager, not EXM. If you look in List Manager you see the same options, just titled differently. I believe List Manager does have roles to control access to List Manager functions, but it wont hide the menu in EXM. As Marek mentions in his answer, any solution to hide is hacky and not recommended.
– Pete Navarra
5 mins ago
Which item have you changed access to in core database?
– Marek Musielak
3 hours ago
Which item have you changed access to in core database?
– Marek Musielak
3 hours ago
ListFromFile Item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/HyperlinkButtons/ListFromFile and ListFromFileBylineText item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Text/ListFromFileBylineText
– Manikanta
3 hours ago
ListFromFile Item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/HyperlinkButtons/ListFromFile and ListFromFileBylineText item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Text/ListFromFileBylineText
– Manikanta
3 hours ago
Couple thoughts here. This isnt a "Security Issue". I would reword the title. Secondly, those menu items are really all about ListManager, not EXM. If you look in List Manager you see the same options, just titled differently. I believe List Manager does have roles to control access to List Manager functions, but it wont hide the menu in EXM. As Marek mentions in his answer, any solution to hide is hacky and not recommended.
– Pete Navarra
5 mins ago
Couple thoughts here. This isnt a "Security Issue". I would reword the title. Secondly, those menu items are really all about ListManager, not EXM. If you look in List Manager you see the same options, just titled differently. I believe List Manager does have roles to control access to List Manager functions, but it wont hide the menu in EXM. As Marek mentions in his answer, any solution to hide is hacky and not recommended.
– Pete Navarra
5 mins ago
add a comment |
1 Answer
1
active
oldest
votes
Maybe I'm wrong but I'm afraid that what you want to achieve is not possible.
The items which you changed access rights to are only HyperlinkButton Parameters item and Text Parameters item which means they hold text of the button, click action and help text.
The whole button consist of more components:
In frontend, I would use Sitecore personalization rules to hide certain components for chosen users. But it's Sitecore backend and from what I remember, personalization rules are not even executed there.
I tried to use Sitecore Rocks plugin to hide rendering with where true (action always executed) rule but it changed nothing.
And the image which is displayed comes from another component and links to a Sitecore icon. I downloaded the icon, uploaded it to media library, removed read access rights for an user and changed the image url to ID of the uploaded media library item, and that was the only way to hide an image which worked for me. But I could still see empty space there:
I don't like the solution. It's hacky and it doesn't look good. But it's the only one I found.
answered 2 hours ago
Marek Musielak
9,60511035
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "664"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsitecore.stackexchange.com%2fquestions%2f15757%2fsitecore-exm-security-issues%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Maybe I'm wrong but I'm afraid that what you want to achieve is not possible.
The items which you changed access rights to are only HyperlinkButton Parameters item and Text Parameters item which means they hold text of the button, click action and help text.
The whole button consist of more components:
In frontend, I would use Sitecore personalization rules to hide certain components for chosen users. But it's Sitecore backend and from what I remember, personalization rules are not even executed there.
I tried to use Sitecore Rocks plugin to hide rendering with where true (action always executed) rule but it changed nothing.
And the image which is displayed comes from another component and links to a Sitecore icon. I downloaded the icon, uploaded it to media library, removed read access rights for an user and changed the image url to ID of the uploaded media library item, and that was the only way to hide an image which worked for me. But I could still see empty space there:
I don't like the solution. It's hacky and it doesn't look good. But it's the only one I found.
answered 2 hours ago
Marek Musielak
9,60511035
add a comment |
Maybe I'm wrong but I'm afraid that what you want to achieve is not possible.
The items which you changed access rights to are only HyperlinkButton Parameters item and Text Parameters item which means they hold text of the button, click action and help text.
The whole button consist of more components:
In frontend, I would use Sitecore personalization rules to hide certain components for chosen users. But it's Sitecore backend and from what I remember, personalization rules are not even executed there.
I tried to use Sitecore Rocks plugin to hide rendering with where true (action always executed) rule but it changed nothing.
And the image which is displayed comes from another component and links to a Sitecore icon. I downloaded the icon, uploaded it to media library, removed read access rights for an user and changed the image url to ID of the uploaded media library item, and that was the only way to hide an image which worked for me. But I could still see empty space there:
I don't like the solution. It's hacky and it doesn't look good. But it's the only one I found.
answered 2 hours ago
Marek Musielak
9,60511035
add a comment |
Maybe I'm wrong but I'm afraid that what you want to achieve is not possible.
The items which you changed access rights to are only HyperlinkButton Parameters item and Text Parameters item which means they hold text of the button, click action and help text.
The whole button consist of more components:
In frontend, I would use Sitecore personalization rules to hide certain components for chosen users. But it's Sitecore backend and from what I remember, personalization rules are not even executed there.
I tried to use Sitecore Rocks plugin to hide rendering with where true (action always executed) rule but it changed nothing.
And the image which is displayed comes from another component and links to a Sitecore icon. I downloaded the icon, uploaded it to media library, removed read access rights for an user and changed the image url to ID of the uploaded media library item, and that was the only way to hide an image which worked for me. But I could still see empty space there:
I don't like the solution. It's hacky and it doesn't look good. But it's the only one I found.
answered 2 hours ago
Marek Musielak
9,60511035
Maybe I'm wrong but I'm afraid that what you want to achieve is not possible.
The items which you changed access rights to are only HyperlinkButton Parameters item and Text Parameters item which means they hold text of the button, click action and help text.
The whole button consist of more components:
In frontend, I would use Sitecore personalization rules to hide certain components for chosen users. But it's Sitecore backend and from what I remember, personalization rules are not even executed there.
I tried to use Sitecore Rocks plugin to hide rendering with where true (action always executed) rule but it changed nothing.
And the image which is displayed comes from another component and links to a Sitecore icon. I downloaded the icon, uploaded it to media library, removed read access rights for an user and changed the image url to ID of the uploaded media library item, and that was the only way to hide an image which worked for me. But I could still see empty space there:
I don't like the solution. It's hacky and it doesn't look good. But it's the only one I found.
answered 2 hours ago
Marek Musielak
9,60511035
answered 2 hours ago
Marek Musielak
9,60511035
answered 2 hours ago
Marek Musielak
9,60511035
answered 2 hours ago
Marek Musielak
9,60511035
9,60511035
add a comment |
add a comment |
Thanks for contributing an answer to Sitecore Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsitecore.stackexchange.com%2fquestions%2f15757%2fsitecore-exm-security-issues%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Which item have you changed access to in core database?
– Marek Musielak
3 hours ago
ListFromFile Item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/HyperlinkButtons/ListFromFile and ListFromFileBylineText item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Text/ListFromFileBylineText
– Manikanta
3 hours ago
Couple thoughts here. This isnt a "Security Issue". I would reword the title. Secondly, those menu items are really all about ListManager, not EXM. If you look in List Manager you see the same options, just titled differently. I believe List Manager does have roles to control access to List Manager functions, but it wont hide the menu in EXM. As Marek mentions in his answer, any solution to hide is hacky and not recommended.
– Pete Navarra
5 mins ago