Different Pull/Push permissions for different publish targets? #265
Comments
|
Hi, Is your test user a member of any other groups that might have permissions (note the Admin group gets all these permissions by default). Assuming you are using Umbraco v13 ? (based on icon's really) The Push and Pull permissions are global (so don't change per server) but if the group only has Pull content, then you should only see pull in the menu. (I have just double checked the setup you have above locally) but the permissions are only for content,media and dictionaries - if the user can see the settings section, then they will be able to push and pull from the Publisher dashboard (that's because its config, so anyone with access to config can configure the thing). |
|
Yes, I'm in v13, sorry. (Umbraco 13.5.3, usync 13.2.6). I made for simplicity one editor test user, member of 3 groups: (no configs, settings permissions for this user) So my users gets Push permission from "Dev publisher" group, I assume. Does that apply globally then, to any publish target? For a scenario where I would allow developer to push no further then Dev environment. Not QA or Prod, however, still allow them to Pull from any (Dev, Test, Prod) so they can work with latest content. |
|
Hi. Yes the push and pull are global. :( you can set up the each server as push / pull per enivronment. if we assume you have three servers setup (ignore the url's here, just for demo)
then if the developer is on their own machine (and it's not defined in the server list) they will use the 'default' setup which is under the 'advanced' tab. So here you can say push / pull dev, and pull the other two servers.
Then on the dev server you could say push/Pull to QA and pull only from Prod
on prod, push pull to dev and qa
|
|
I've made this setup, but can still publish to test from localhost (as administrator). Also as a simple editor if I give Editors push permission. It seems that the uncheck option Push for Test or Staging envs does not make a difference
Also is there a way to pre-configure these servers in appsettings? |
|
Hi Kevin, Been testing a bit more and it seems that whatever list I define in the default servers under Advanced, it's ignored. When on localhost (which is not in the servers list), I get the full list. For ex. I have these under Default:
and when trying the push action, I get full list and can push to all:
However if I add my localhost among the servers and configure connections on it, then the push/pull restrictions are working.
Perhaps this is a workaround, but not very solid - if a developer is running his local on a custom hostname, or different port, he/she will be able to push again to Prod or any server. |
|
Hi, Yes this might be a bug, we will investigate it for you. |
|
Hi, We have a nightly build with a fix for this in it if you want to test it (no other changes in this release yet). |
|
Hi Kevin, Next, I'll be looking to some configuration for local machines. Was hoping it's possible to have a setup like umbraco cloud has, where developers can push/pull only to dev by default. |
I'm trying to achieve the following setup with two publish targets in the publisher (Dev & Test):
Dev server - users should be able to pull and push (content & media)
Test server - users should only be able to pull (content & media)
So I'm setting up two user groups and assigning them to each corresponding server connection:
Dev Connection - persmissions: Push, Pull
Test Connection - pemissions: Pull
However an editor can still publish to my test server. Any idea what I'm doing wrong? Perhaps I'm missing something, but I would expect users to not be able to push content to my Test environment, but they still can
The text was updated successfully, but these errors were encountered: