Hello Everyone,
I hope someone can get me a hint how to solve the problem. I have a multisite-installation and want to create a role espacialy for one site. Which isn’t the big problem, but my Administrator doesn’t have any right on this site eather.
So how can I create my policy.yaml that I dno’t have to change the policy.yaml everytime we get a new site?
To get it more clear - this is my policy.yaml and it is at the moment only restricting the assest collection
the assets are called: apo00xx
privilegeTargets:
‘TYPO3\Flow\Security\Authorization\Privilege\Entity\Doctrine\EntityPrivilege’:
‘permanent.basic:media’:
matcher: ‘isType(“TYPO3\Media\Domain\Model\AssetCollection”) && property(“title”).like(“apo%”)’
‘permanent.apo0001:media’:
matcher: 'isType(“TYPO3\Media\Domain\Model\AssetCollection”) && property(“title”).like("%apo0001%")'
roles:
‘permanent.apo0001:editor0001’:
parentRoles: [‘TYPO3.Neos:Editor’]
privileges:
-
privilegeTarget: ‘permanent.apo0001:media’
permission: GRANT
’TYPO3.Neos:Administrator’:
privileges:
-
privilegeTarget: 'permanent.basic:media’
permission: GRANT
-
privilegeTarget: 'permanent.apo0001:media’
permission: GRANT
As far as I understand it, you can grant access to a collection and if you have another delimiter all other roles are excluded, but can I create a privilegeTarget which grant in my case the admin access to all?
Thanks in advance
Robby