Is there a problem now with Element Access Levels?

[CountryTrash]

Hi there,
I am now battling to limit fields to different groups.

I have a UserGroup VENDOR linked only to an Access Group VENDOR.
I also have a UserGroup PROCUREMENT linked only to an Access Group PROCUREMENT.

I created my test user Supplier1 which is only linked to Group VENDOR

In my tender_invitee table i have a field tender_info_uif_ok (databasejoin to a tender_info_status table) and I do NOT want to let the vendors see it but procurement should.

I therefore made the Access of this field, (both Edit and View), VENDOR but the supplier can still both view and edit it.

This is MAJOR for me as I cannot open all field updates to all ....

 

[sales2010]

I created my test user Supplier1 which is only linked to Group VENDOR

Hello,

I think you should not add Supplier to Group Vendor; instead keep him in Registered or any other group except Vendor. I think you should do that because Group Vendor have access to the Vendor Access Level and adding Subscriber to the Group Vendor will allow the access.

 

[CountryTrash]

How would the system then know that the supplier (who is a VENDOR) must not see that field?

 

[troester]

I can't replicate this.
Check your access levels, groups are inheriting access.

 

[CountryTrash]

Forgot to say that I gave the field tender_info_uif_ok field access to PROCUREMENT, so I assumed that the VENDOR users will not see it..

 

[sales2010]

How would the system then know that the supplier (who is a VENDOR) must not see that field?

I'm not very sure what you want to achieve. Who you want to have access and who should not?

The idea of using Access Level is:

If user belong to group will have access. If group is included in another group, the first group will have access to second group.

If you want to restrict for all groups, you can add a different group. For example, create a group "Administrators" and give access to Edit and View. The field will be hidden for all users except those who belong to Group Administrators.

 

[CountryTrash]

That is exactly what I am trying to do!

Checked again and documenting as I check
1. applicable groups are
1.1 Registered->Procurement
1.2 Registered->Vendor

I then also have under Viewing Access Levels some groups that includes:
Vendor
I checked and in the Group Access this Access Level is ONLY granted to "Vendor" at the moment (only box ticked) although it should have Registered as well as there are other things on the site that they all must see

I have another access Level "Procurement" that only has access level "Procurement" and "Registered"

The user in question, Supplier1 is allocated to "Registered" and "Vendor"

Checking the element in question (group=proc_tender_invatations) the element
{tender_info_uif_ok} I set the edit and view access of that element to "Procurement"

SO: My assumption is that if Supplier1 who now logs in and who as access to Controlled access fields for "Vendor" should not see this field.

I have given troester access but I can give you as welll if you want to see what I have done....

 

[CountryTrash]

Ok, Troester,

I calmed down, THEN called my daughter (Joomla expert, (no Fabrik)).
Turned out I made the same mistake as on my LAST site.

Both the Vendor and Procurement Groups must have Public as Parent, not Registered.

In my previous site I had a scenario where I wanted the Registered->Child Group but to my embarresment did not think it through.

Thanks for the patience .....

 

[rob]

acl can be a tricky beast for us all! Glad to hear you got it resolved though