We’re defining some permissions in our config.cfc for different roles. Works so far, members of that role get a 401 when they try to access an object that they shouldn’t.
The object in question is still listed in Data Manager and we would like to hide it entirely from members of that specific group.
We can do this by manually setting the permissions for this group via the admin interface
I think this could/should be done entirely through roles. You have a single, or multiple roles that grant various access to various permissions you want for the object.
You grant no other roles access to the object.
Then in the admin you create a group/s that has that/those role/s. Only put people in the group that wish access.
This only returns false, when the contextKeynavigate is denied for the specific usergroup through the GUI.
If there’s no denial to this group, the permissionKey="datamanager.navigate"is returning true for the complete access of the datamanager, but not for the individual object.
setting the permission to !myObject.navigate is returning a 401 when clicking on the link to the object in the datamanager, but it’s still listed there.
According to the hasPermission this is correct, because yes, the general access to the datamanager is granted, but the one to the individual object doesn’t.
Is the getGroupedObjects wrong in this case? We can’t hide it through the permission settings.