Sitecore EXM Security Issues












3














Hide the create list column in the sitecore exm for particular users.



We tried to add restrictions in core database the text is hiding still it showing the icon.
Is there any way to hide the icon also.
enter image description here










share|improve this question
























  • Which item have you changed access to in core database?
    – Marek Musielak
    3 hours ago










  • ListFromFile Item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/HyperlinkButtons/ListFromFile and ListFromFileBylineText item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Text/ListFromFileBylineText
    – Manikanta
    3 hours ago












  • Couple thoughts here. This isnt a "Security Issue". I would reword the title. Secondly, those menu items are really all about ListManager, not EXM. If you look in List Manager you see the same options, just titled differently. I believe List Manager does have roles to control access to List Manager functions, but it wont hide the menu in EXM. As Marek mentions in his answer, any solution to hide is hacky and not recommended.
    – Pete Navarra
    2 mins ago


















3














Hide the create list column in the sitecore exm for particular users.



We tried to add restrictions in core database the text is hiding still it showing the icon.
Is there any way to hide the icon also.
enter image description here










share|improve this question
























  • Which item have you changed access to in core database?
    – Marek Musielak
    3 hours ago










  • ListFromFile Item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/HyperlinkButtons/ListFromFile and ListFromFileBylineText item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Text/ListFromFileBylineText
    – Manikanta
    3 hours ago












  • Couple thoughts here. This isnt a "Security Issue". I would reword the title. Secondly, those menu items are really all about ListManager, not EXM. If you look in List Manager you see the same options, just titled differently. I believe List Manager does have roles to control access to List Manager functions, but it wont hide the menu in EXM. As Marek mentions in his answer, any solution to hide is hacky and not recommended.
    – Pete Navarra
    2 mins ago
















3












3








3


1





Hide the create list column in the sitecore exm for particular users.



We tried to add restrictions in core database the text is hiding still it showing the icon.
Is there any way to hide the icon also.
enter image description here










share|improve this question















Hide the create list column in the sitecore exm for particular users.



We tried to add restrictions in core database the text is hiding still it showing the icon.
Is there any way to hide the icon also.
enter image description here







exm permissions






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 2 hours ago









Gatogordo

11.1k21555




11.1k21555










asked 4 hours ago









Manikanta

162




162












  • Which item have you changed access to in core database?
    – Marek Musielak
    3 hours ago










  • ListFromFile Item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/HyperlinkButtons/ListFromFile and ListFromFileBylineText item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Text/ListFromFileBylineText
    – Manikanta
    3 hours ago












  • Couple thoughts here. This isnt a "Security Issue". I would reword the title. Secondly, those menu items are really all about ListManager, not EXM. If you look in List Manager you see the same options, just titled differently. I believe List Manager does have roles to control access to List Manager functions, but it wont hide the menu in EXM. As Marek mentions in his answer, any solution to hide is hacky and not recommended.
    – Pete Navarra
    2 mins ago




















  • Which item have you changed access to in core database?
    – Marek Musielak
    3 hours ago










  • ListFromFile Item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/HyperlinkButtons/ListFromFile and ListFromFileBylineText item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Text/ListFromFileBylineText
    – Manikanta
    3 hours ago












  • Couple thoughts here. This isnt a "Security Issue". I would reword the title. Secondly, those menu items are really all about ListManager, not EXM. If you look in List Manager you see the same options, just titled differently. I believe List Manager does have roles to control access to List Manager functions, but it wont hide the menu in EXM. As Marek mentions in his answer, any solution to hide is hacky and not recommended.
    – Pete Navarra
    2 mins ago


















Which item have you changed access to in core database?
– Marek Musielak
3 hours ago




Which item have you changed access to in core database?
– Marek Musielak
3 hours ago












ListFromFile Item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/HyperlinkButtons/ListFromFile and ListFromFileBylineText item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Text/ListFromFileBylineText
– Manikanta
3 hours ago






ListFromFile Item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/HyperlinkButtons/ListFromFile and ListFromFileBylineText item: /sitecore/client/Applications/ECM/Component/Navigation/Primary Navigation/PageSettings/Text/ListFromFileBylineText
– Manikanta
3 hours ago














Couple thoughts here. This isnt a "Security Issue". I would reword the title. Secondly, those menu items are really all about ListManager, not EXM. If you look in List Manager you see the same options, just titled differently. I believe List Manager does have roles to control access to List Manager functions, but it wont hide the menu in EXM. As Marek mentions in his answer, any solution to hide is hacky and not recommended.
– Pete Navarra
2 mins ago






Couple thoughts here. This isnt a "Security Issue". I would reword the title. Secondly, those menu items are really all about ListManager, not EXM. If you look in List Manager you see the same options, just titled differently. I believe List Manager does have roles to control access to List Manager functions, but it wont hide the menu in EXM. As Marek mentions in his answer, any solution to hide is hacky and not recommended.
– Pete Navarra
2 mins ago












1 Answer
1






active

oldest

votes


















2














Maybe I'm wrong but I'm afraid that what you want to achieve is not possible.



The items which you changed access rights to are only HyperlinkButton Parameters item and Text Parameters item which means they hold text of the button, click action and help text.



The whole button consist of more components:



enter image description here



In frontend, I would use Sitecore personalization rules to hide certain components for chosen users. But it's Sitecore backend and from what I remember, personalization rules are not even executed there.



I tried to use Sitecore Rocks plugin to hide rendering with where true (action always executed) rule but it changed nothing.



And the image which is displayed comes from another component and links to a Sitecore icon. I downloaded the icon, uploaded it to media library, removed read access rights for an user and changed the image url to ID of the uploaded media library item, and that was the only way to hide an image which worked for me. But I could still see empty space there:



enter image description here



I don't like the solution. It's hacky and it doesn't look good. But it's the only one I found.






share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "664"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsitecore.stackexchange.com%2fquestions%2f15757%2fsitecore-exm-security-issues%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    2














    Maybe I'm wrong but I'm afraid that what you want to achieve is not possible.



    The items which you changed access rights to are only HyperlinkButton Parameters item and Text Parameters item which means they hold text of the button, click action and help text.



    The whole button consist of more components:



    enter image description here



    In frontend, I would use Sitecore personalization rules to hide certain components for chosen users. But it's Sitecore backend and from what I remember, personalization rules are not even executed there.



    I tried to use Sitecore Rocks plugin to hide rendering with where true (action always executed) rule but it changed nothing.



    And the image which is displayed comes from another component and links to a Sitecore icon. I downloaded the icon, uploaded it to media library, removed read access rights for an user and changed the image url to ID of the uploaded media library item, and that was the only way to hide an image which worked for me. But I could still see empty space there:



    enter image description here



    I don't like the solution. It's hacky and it doesn't look good. But it's the only one I found.






    share|improve this answer


























      2














      Maybe I'm wrong but I'm afraid that what you want to achieve is not possible.



      The items which you changed access rights to are only HyperlinkButton Parameters item and Text Parameters item which means they hold text of the button, click action and help text.



      The whole button consist of more components:



      enter image description here



      In frontend, I would use Sitecore personalization rules to hide certain components for chosen users. But it's Sitecore backend and from what I remember, personalization rules are not even executed there.



      I tried to use Sitecore Rocks plugin to hide rendering with where true (action always executed) rule but it changed nothing.



      And the image which is displayed comes from another component and links to a Sitecore icon. I downloaded the icon, uploaded it to media library, removed read access rights for an user and changed the image url to ID of the uploaded media library item, and that was the only way to hide an image which worked for me. But I could still see empty space there:



      enter image description here



      I don't like the solution. It's hacky and it doesn't look good. But it's the only one I found.






      share|improve this answer
























        2












        2








        2






        Maybe I'm wrong but I'm afraid that what you want to achieve is not possible.



        The items which you changed access rights to are only HyperlinkButton Parameters item and Text Parameters item which means they hold text of the button, click action and help text.



        The whole button consist of more components:



        enter image description here



        In frontend, I would use Sitecore personalization rules to hide certain components for chosen users. But it's Sitecore backend and from what I remember, personalization rules are not even executed there.



        I tried to use Sitecore Rocks plugin to hide rendering with where true (action always executed) rule but it changed nothing.



        And the image which is displayed comes from another component and links to a Sitecore icon. I downloaded the icon, uploaded it to media library, removed read access rights for an user and changed the image url to ID of the uploaded media library item, and that was the only way to hide an image which worked for me. But I could still see empty space there:



        enter image description here



        I don't like the solution. It's hacky and it doesn't look good. But it's the only one I found.






        share|improve this answer












        Maybe I'm wrong but I'm afraid that what you want to achieve is not possible.



        The items which you changed access rights to are only HyperlinkButton Parameters item and Text Parameters item which means they hold text of the button, click action and help text.



        The whole button consist of more components:



        enter image description here



        In frontend, I would use Sitecore personalization rules to hide certain components for chosen users. But it's Sitecore backend and from what I remember, personalization rules are not even executed there.



        I tried to use Sitecore Rocks plugin to hide rendering with where true (action always executed) rule but it changed nothing.



        And the image which is displayed comes from another component and links to a Sitecore icon. I downloaded the icon, uploaded it to media library, removed read access rights for an user and changed the image url to ID of the uploaded media library item, and that was the only way to hide an image which worked for me. But I could still see empty space there:



        enter image description here



        I don't like the solution. It's hacky and it doesn't look good. But it's the only one I found.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 2 hours ago









        Marek Musielak

        9,60511035




        9,60511035






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Sitecore Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsitecore.stackexchange.com%2fquestions%2f15757%2fsitecore-exm-security-issues%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Costa Masnaga

            Fotorealismo

            Sidney Franklin