CMS 10.6: Unauthorized Users Can Embed Components in ICE
CMS 10.6 ICE permits users to embed/unembed components in content items regardless of their user group permission restrictions.
Statement of Issue
In In-Context Editing (ICE) mode, users can embed and unembed components regardless of their user group permissions. When the Allowed to embed and unembed component fields permission is not authorized in group permission settings, ICE does not adhere to the restriction.
Resolution
An upcoming CMS release will resolve this issue.
As a workaround, notify users you do not want them to embed/unembed components in ICE, or consider restricting editing permissions at a higher level with one of the following options:
-
Revoke editing permissions if you want to enforce restrictions on particular groups or content items.
See Creating Groups for details to change group permission settings.
See Setting Page Security for details to change security settings on individual content items.
-
Disable ICE for all CMS users. This option is not recommended for site implementations that heavily rely on ICE.
See In-Context Editing Settings for details to turn off ICE.
If you enforce stronger editing restrictions, users may not have permissions to complete tasks relevant to their role.
Keep in mind the Index and Form editing modes adhere to the permission restriction. If group members attempt to embed/unembed components in these editing modes, the CMS will prevent them from doing so.
Additional Information
If you have questions or experience further issues, contact Ingeniux Support.
There are no comments yet.