Guest user can view Landing Pages that do not allow Guest access

  • 7016926
  • 20-Oct-2015
  • 20-Oct-2015


Novell Vibe 4.0


Starting with Novell Vibe 4.0, if a registered user (or Guest user) has access to a specific folder within a workspace (or Landing Page) then the user also gets access to the (parent) workspace. In case the workspace is a Landing Page, the user can view information on the Landing page that is not controlled by explicit access controls such as HTML text, Links, etc.

For example:
Consider the following structure to a Surveys folder that allows Guest users to access and participate in the surveys:
Home Workspace > Global Workspaces > Landing Page 1 > Surveys
However, the Guest user is not granted any access to the parent workspace 'Landing Page 1'.
Once the Guest user, visits the 'Surveys' folder, he/she will be able to click the link to 'Landing Page 1' and view content such as HTML, Links, etc. that are not controlled by explicit access controls.
Note: The Guest user will NOT be able to view folders and/or entries that are part of the Landing page.


A patch is available to correct this problem for Novell Vibe 4.0 HP4. Please contact Novell Technical Support with reference to this TID and request the patch for your site.