Hi,

I've created a view that I only want to be accessible by a certain role, 'admin' ($rid = 4). I created the view, and it works fine, but all authenticated users can access it, whether they have the assigned role or not (anonymous users still get 'Access Denied').

I can post the whole view export if that would help, but the relevant part seems to be correct: 

$view->access = array (
  0 => '4',
);

Any ideas?

Thanks in advance.

Comments

zwhalen’s picture

zwhalen commented

Well, I may have a solution, but it still doesn't seem intuitive to me.

Under the main access control, I tried unchecking "access all views" for every role, and now I have the behavior I expected: a view which is supposed to be restricted to my 'admin' role is now only visible that role. Interestingly, other views which have no views access restriction are still visible to all users, even though they don't have explicit "access all views" permission.

Something still seems wrong between the two layers of access permission. It's like the "yes" of access control overrides the "no" of views access, but the "yes" of views access in turn overrides the "no" of access control. Is that how it's supposed to work? If so, that could be explained better in the view building form.

merlinofchaos’s picture

merlinofchaos commented

'access all views' is an administrative flag; it exists only so I don't have to hardcode UID 1 because people keep assuming the administrator will always have access to a view, whether the like it or not. So the 'all' in that phrase is very important; it is a total override, and should probably not be given to anything except for your otp tier admin role.

sun’s picture

sun
Primary language German
Location Karlsruhe
commented
Status: Active » Closed (duplicate)

Marking as duplicate of #258674: Access control not working / misleading permission