Follow the example provided by the 'default' portal and the 'Admin' page.
Note the security settings on the portal - unchecked has both view and personalizerecursive access.
Note the security on the News, Test and default pages - unchecked has viewrecursive access.
Note the security in the Admin page - Admin has viewrecursive access.
So, for example, if you add a new role, Manager, and add a new page, ManagerStuff, then to allow only users in the Manager role to see that page, set Manager to have viewrecursive access to the ManagerStuff page.
An alternative is to not specify any access rights at the portal level and then define specific role access for each page.
Thanks for reply... mightbe I didn't address my problem correctly.
I had specified access right for my page, and I got access denied message when page was invoked by a user who doesn't have access right.
My problem is that how to hide the page from user view, since there is no need for the user to know that there are pages that he/she cannot access. I donn't want the page name/menu shows on Catalog portlet window when the user doesn't have access to it.
I have this same problem. It seems you can hide a page from a user, but setting permissions on a window has no effect. So if I have a page with three portlets on it and I want to hide one of them I can't do this by setting the view permissions on the window for that porltet to admin only. If I set the view permissions on the portlet itself Then you see the portlet window with an access denied message. This is not I want to happen obviously.
I also have similar problems with permissions on the edit view. I want to have a portlet be visible to everyone but only be editable for admin users. If I go to the instance security settings for some reason I see only a view option that I can configure even though my portlet supports the edit mode. This occurs for all portlets even out of the box ones like the news portlet that clearly support the edit view. Setting the window permissions to personalize/personalize recursive on the portlet window has no effect. Right now the only permissions that actually seem to work are page wide permissions for view. Even if I set the whole page to personalize/recursive to admin only I can still edit any portlet on the page as a guest.
It seems either I am doing something wrong or the permission system doesn't work at all.
This is not I want to happen obviously.
It depends on the use case... On some use cases you may want to be able to see that it is secured so the user think about logging in to see the window in action.
Fortunately you can change the behavior:
put the key: ?core.render.window_access_denied to hide.
You will see other keys that you may want to change
We decided to make it developer friendly out of the box, so you know why a window doesn't appear (Is it broken ? is it secured ?...)
Thanks thomas. Hiding portlet in a page works fine now after changing window_access_right to hide. However I still have problem to hide page item in Catalog portlet(Menu portlet). More help please!
Ah, I see that makes sense then. I didn't look closely enough at these setting I assumed this was only for showing/hiding exception messages.
What about disabling the edit and help modes? I have been unable to figure that out as well. Any help would be appreciated. Thanks.