It is now common practice to lock down user layouts such that non-admin users cannot modify what is on the page. This is especially so with new layouts where grids with filters and/or "Favorite" carousels are prominent.
This is accomplished by denying CUSTOMIZE
and ADD_TAB
permissions in UP_SYSTEM
.
There are already default versions of files that GRANT
these permissions in the
base
data set.
The originals are:
data/base/permission_set/Authenticated_Users__ADD_TAB__UP_SYSTEM.permission-set.xml
data/base/permission_set/Authenticated_Users__CUSTOMIZE__UP_SYSTEM.permission-set.xml
And should be copied to your permission_set data directory, changing target
permission-type
to DENY
.
<permission-set script="classpath://org/jasig/portal/io/import-permission_set_v3-1.crn">
<owner>UP_SYSTEM</owner>
<principal-type>org.apereo.portal.groups.IEntityGroup</principal-type>
<principal>
<group>Authenticated Users</group>
</principal>
<activity>ADD_TAB</activity>
<target permission-type="DENY">
<literal>ALL</literal>
</target>
</permission-set>
<permission-set script="classpath://org/jasig/portal/io/import-permission_set_v3-1.crn">
<owner>UP_SYSTEM</owner>
<principal-type>org.apereo.portal.groups.IEntityGroup</principal-type>
<principal>
<group>Authenticated Users</group>
</principal>
<activity>CUSTOMIZE</activity>
<target permission-type="DENY">
<literal>ALL</literal>
</target>
</permission-set>