Technical Support Forums

restricting access to admin usergroup?

Thread began 2/22/2021 10:15 am by Peterson Design Studio - jefferis | Last modified 4/22/2021 5:27 pm by Ray Borduin | 117 views | 11 replies |

Peterson Design Studio - jefferis

Hi Ray, I created a security > access groups called admin. In my user database I have usergroups 1 and 2. 1 for customers, 2 for admins. In the admin access groups I added all the emails of those who are admins. The issue is that once anyone is logged in, I can't restrict access to admin pages. The customers need to be logged in to be able to see the wholesale catalog. I am not sure I am going about this correctly. My DB has tables for usergroups and users. In users, I also have a field for user groups, but when I created administration pages in the wizards, the server behaviors do not see the user group field. When I try to add dynamic text to the behaviors, it doesn't show that usergroup field. The wizard said something about the fields not matching and some would be dropped, but my table field names match the one WA created. https://www.screencast.com/t/wrh8Uvm4Mvj

Ray Borduin (WebAssist)

You should update your login page to store the access group in the session. Then you can create a rule based on the value of the session variable for admin and customers.

Peterson Design Studio - jefferis

Do I have to rerun the entire security access wizard to do that? I keep looking in server behaviors and bindings but don't see a way to add it.

BTW.... switching from root to relative on the site preferences makes all your wizards run a lot faster. Go figure!

Ray Borduin (WebAssist)

No, just open the authenticate user server behavior on the login page and then update the security assist rule directly from the webassist menu.

You almost never re-enter a wizard once it has run.

Peterson Design Studio - jefferis

Thanks. I think I would need an example of what you are saying or a more complete explanation. I went to the auth user behavior and then to SA>Authenticate User and it seems if I add usergroup to this, it would exclude customers. It would apply the rule to all logins. Maybe I should just set up a separate login for admin pages?

Ray Borduin (WebAssist)

You add the usergroup in the Save Value tab, not in the Filter tab. It just saves that value in the session so you can use it in your security assist rule when you want to.

You could do separate logins if you wanted.

Jonas

I have the same problem and therefore write my post here instead of creating a new one.

I want to restrict access to my admin pages, so that only those who are logged in as admin can access these pages (userGroupID: 1). I have tried to understand how this works, but it's not working.

I have two different Security Pages on my site. One is in the admin folder, and the other is directly in the root for users (I do not know if this is optimal, or how to do this otherwise).

Table Usergroup. This is what my usergroup table looks like. (fig1.png)

1. registration.php (for users): Here I have assigned the value 2 to UserGroupID in the insert record. (fig2.png)
2. login.php. Here I have assigned UserGroupID the same session name as UserID. (fig3.png)
3. I have created two groups from Access Group Manager. Group 1: Name: admin, Member: admin. Group 2: Name: user, Member: user. (fig4.png, fig5.png)
4. I have duplicated "Logged in to users" from Access Rules Manager. I have named this new rule: "Logged in as admin". I have chosen "In group" as Criteria, and "admin" as Compare to. (fig6.png)
5. I have opened a page that I want to restrict access to (in admin folder). Then I chose WebAssist -> SecurityAssist -> SecurePage. Then I have selected "Logged in as admin" as a rule grant access if, and a default page as if access denied. (fig7.png)
6. If I want to change this rule, it says "Not Logged in as admin" as grant access if. Why? This is not true and is confusing. I just assigned it to "Logged in as admin". (fig8.png)

Are these steps correct, or have I missed something?

Ray Borduin (WebAssist)

You can delete your access groups. Since you have two types of user that are identified with a single session variable, groups is over-complicating it.

You can just use three access rules without groups. Groups is for creating lists of users and grouping them... like if you wanted users 4,8,10 to be admin. You are already grouping your users in your database and saving the group in the session.

Your access rules could just be:

Admin = Allow if: session variable SecurityAssist_UserID has value = 1
User = Allow if: session variable SecurityAssist_UserID has value = 2
Logged In = Allow if: session variable SecurityAssist_UserID does not equal "" (blank)

Jonas

Sorry, but I do not understand. If I just set $_SESSION['SecurityAssist_UserID'] to 1, there will be no change. The idea is right. That is, 1 should be for admin. But is something missing here? See picture.

Ray Borduin (WebAssist)

On your login page, update your Authenticate User server behavior to save the user group value in the session. Then you can use that session variable to differentiate between groups in your security assist rules.
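Added example, not part of the thread and not WebAssist-generated code: a hand-written PHP sketch of the pattern discussed above, where login saves the user's group in the session under its own key and each protected page checks that key server-side. The session key `SecurityAssist_UserGroupID`, the function names, and the column names `UserID`/`UserGroupID` are assumptions; the group numbers follow Jonas's post (1 = admin, 2 = user).

```php
<?php
// Added example. Names marked "hypothetical" are assumptions, not WebAssist identifiers.
const SESSION_USER_ID    = 'SecurityAssist_UserID';       // session key named in the thread
const SESSION_USER_GROUP = 'SecurityAssist_UserGroupID';  // hypothetical key for the saved group
const GROUP_ADMIN = 1;  // group numbering as in Jonas's post
const GROUP_USER  = 2;

/**
 * Call once the credential check has succeeded.
 * $user is the matched row from the users table (column names assumed).
 */
function store_login(array $user): void
{
    session_regenerate_id(true);  // fresh session ID when privileges change
    $_SESSION[SESSION_USER_ID]    = (int) $user['UserID'];
    $_SESSION[SESSION_USER_GROUP] = (int) $user['UserGroupID'];
}

/**
 * Pure rule check so it can be tested without a live session.
 * $requiredGroup = null means "any logged-in user".
 */
function rule_allows(array $session, ?int $requiredGroup): bool
{
    $uid = $session[SESSION_USER_ID] ?? '';
    if ($uid === '' || $uid === null) {
        return false;             // not logged in at all
    }
    if ($requiredGroup === null) {
        return true;              // "Logged In" rule
    }
    // Group must be present and match exactly; a missing key denies access.
    return isset($session[SESSION_USER_GROUP])
        && (int) $session[SESSION_USER_GROUP] === $requiredGroup;
}

/** Put at the very top of a protected page, before any output. */
function require_rule(?int $requiredGroup, string $deniedUrl): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!rule_allows($_SESSION, $requiredGroup)) {
        header('Location: ' . $deniedUrl);
        exit;  // stop here so the protected markup is never sent
    }
}

// Top of a page in the admin folder:   require_rule(GROUP_ADMIN, '/login.php');
// Top of the wholesale catalog page:   require_rule(null, '/login.php');
```

The `exit` after the redirect matters: without it the rest of the admin page is still generated and sent to a client that ignores the `Location` header.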
