Environment
Novell Vibe 4.0
Situation
Starting with Novell Vibe 4.0, if a registered user (or Guest user) has access to a specific folder within a workspace (or Landing Page) then the user also gets access to the (parent) workspace. In case the workspace is a Landing Page, the user can view information on the Landing page that is not controlled by explicit access controls such as HTML text, Links, etc.
For example:
Consider the following structure to a Surveys folder that allows Guest users to access and participate in the surveys:
Home Workspace > Global Workspaces > Landing Page 1 > Surveys
However, the Guest user is not granted any access to the parent workspace 'Landing Page 1'.
Once the Guest user, visits the 'Surveys' folder, he/she will be able to click the link to 'Landing Page 1' and view content such as HTML, Links, etc. that are not controlled by explicit access controls.
Note: The Guest user will NOT be able to view folders and/or entries that are part of the Landing page.
For example:
Consider the following structure to a Surveys folder that allows Guest users to access and participate in the surveys:
Home Workspace > Global Workspaces > Landing Page 1 > Surveys
However, the Guest user is not granted any access to the parent workspace 'Landing Page 1'.
Once the Guest user, visits the 'Surveys' folder, he/she will be able to click the link to 'Landing Page 1' and view content such as HTML, Links, etc. that are not controlled by explicit access controls.
Note: The Guest user will NOT be able to view folders and/or entries that are part of the Landing page.
Resolution
A patch is available to correct this problem for Novell Vibe 4.0 HP4. Please contact Novell Technical Support with reference to this TID and request the patch for your site.