We are looking to provide access to a Portal and then on that Portal we would like to deny or grant access to specific groups. We are having an issue when we have a user in multiple groups being used.

For example. John is in SalesOrderGroup and MarketGroup.

I have added SalesOrderGoup and MarketGroup at the Portal Level to be able to read/open the Portal.

There are Two pages on this portal. Sales Order Page and Market Page. Since I have added the two groups at the portal level to be able view/run I have gone into the Sales Order Page and set the permissions to 'Denied' to the MarketGroup. This user needs to see this Sales Order Page, but since he is in the group as well that is denied, he will not see it.

My question: Since the security starts at the Portal Level and then from there the pages are 'Inherited' automatically. Is there a setting anywhere that will default the pages on the portal to 'Not Set' instead of 'Inherited' and then instead of us having to go in and set to 'Denied' we would just need to add the group we would wan to allow access to it?

Or is there any other ideas or suggestions to get around this issue beside going down to the user level for security?

Thanks,
Kristi Carter

This message has been edited. Last edited by: Tamra,

The most restrictive access level become the effective one as you've seen yourself.

If I remember well the way that I "fixed" that when I was at another company was to add the security from the other end.

I mean instead of granting the access and then deny it (upper to lower level), deny at the upper level to then grant to the lowest.

You need to think upside down than we normally do : deny then grant.

The proper way to do this is to grant them access to the portal with FOLDER ONLY permissions then grant each group access to the page you want them to access.