I have the requirement to grant individual authors access to their specific page (and no other pages()
I found something unexpected in doing this.
I created a user "product1" and granted them read / write / create / delete access to:
This let them navigate to:
However, they were unable to edit properties of the page widgets until I granted them read access to:
http://192.168.99.174:4502/cf#/content/digitalmailbox/en/providers/tel stra.html(i.e. the parent directory)
Is that correct? I would have expected that it was not required.
I also confirmed that they did not have access to view sibling products i.e. the following was not visible:
I also needed to grant read access to libs/* - I'm not sure if that could possibly be a security risk. I'm assuming it's OK for people to be able to read the foundation source code.