cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

User has access to Thing even when he does not have permission

Level 6

User has access to Thing even when he does not have permission

I want to remove the visibiltiy of a thing for an exsisting user. Despit removing all the visibility, run time and design time permissions the user is still able to see the thing and even edit the properties. He can't add properties or update the thing.

 

The user is called Stefan Arbeitsstellen

The Thing is the TestLoomManager

 

I used the access reports feature to check what is causing him to have this ability, but it shows nothing:
Admin Access Report.png

 

As you can see in this screenshot I'am logged in as Stefan Arbeitsstellen but I am still able to see the TestLoomManager. 

 

SA_Visibility.png

 

I also removed all the permissions for the Templates and Shapes that are used with the TestLoomManager.

 

Do you have any idea whats the cause of this behaviour?

 

Greetings Micha

4 REPLIES 4

Re: User has access to Thing even when he does not have permission

Check the permissions at the Collections level.  They will override permission settings at the thing level.

Re: User has access to Thing even when he does not have permission

I checked permissions at the collection level. Either the user nor his group have any rights at the collection level for things and projects. (No Visibilty, Run Time and Design Time permissions)

 

The thing is still visible and editable for user Stefan Arbeitsstellen.

 

Is it possible that this has something to do with that the user had once full design rights and then changed some properties of the thing?

 

Re: User has access to Thing even when he does not have permission

verify the collection level permissions at Persistence Providers also

see if somehow that user is mentioned there- try to limit the permissions accordingly

Re: User has access to Thing even when he does not have permission

I checked now all the permissions on the collection level including the Persistence Providers.

Sadly the user had no permissions there at all. 

 

For all the other things it was possible to take away the permissions and they disappeared from the users composer. But this Test Loom manager stays accessible, even when i remove everything.

 

Is there a possibility to see any metadata of a thing or to reset such data?

There must be something like metadata of permissions. Since when i create a new thing with the user via API command, there are no permissions displayed in the permissions tab, but the user has full access on his created thing. What would i do if i want to remove that access for the user, but keep the thing as administrator?