[Feature Request] User can view only the specified shelves/books #1755

New Issue

Closed

opened 2026-02-05 01:47:00 +03:00 by OVERLORD · 14 comments

OVERLORD commented 2026-02-05 01:47:00 +03:00

Owner

Copy Link

Originally created by @fernandozap2 on GitHub (Jun 1, 2020).

Describe the feature you'd like
Manage what shelf or book an specific user account could access (all other would be invisible or read-only).

Describe the benefits this feature would bring to BookStack users
This allow share the bookstack system with users that could see or interact with just designated books.

Originally created by @fernandozap2 on GitHub (Jun 1, 2020). **Describe the feature you'd like** Manage what shelf or book an specific user account could access (all other would be invisible or read-only). **Describe the benefits this feature would bring to BookStack users** This allow share the bookstack system with users that could see or interact with just designated books.

OVERLORD closed this issue 2026-02-05 01:47:00 +03:00

OVERLORD commented 2026-02-05 01:47:02 +03:00

Author

Owner

Copy Link

@steelandt commented on GitHub (Jun 21, 2020):

This is exactly what I need. I see this on 2 levels:

• Making books visible to users (or user groups) or not, so with the role viewer
• Making books editable to users (or user groups) or not, so with the role editor
  This is an important feature in case you would want to use BookStack in larger communities.

@steelandt commented on GitHub (Jun 21, 2020): This is exactly what I need. I see this on 2 levels: - Making books visible to users (or user groups) or not, so with the role viewer - Making books editable to users (or user groups) or not, so with the role editor This is an important feature in case you would want to use BookStack in larger communities.

OVERLORD commented 2026-02-05 01:47:04 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jun 21, 2020):

You can currently create a role for a user, remove all view/edit/delete permissions for that user in their role settings, then assign permissions for that role for a particular shelf/book/chapter/page. Book/Chapter permissions will cascade down automatically.

If there a particular thing in the current permission flow that prevent you from doing what you need?

@ssddanbrown commented on GitHub (Jun 21, 2020): You can currently create a role for a user, remove all view/edit/delete permissions for that user in their role settings, then assign permissions for that role for a particular shelf/book/chapter/page. Book/Chapter permissions will cascade down automatically. If there a particular thing in the current permission flow that prevent you from doing what you need?

OVERLORD commented 2026-02-05 01:47:11 +03:00

Author

Owner

Copy Link

@fernandozap2 commented on GitHub (Jun 22, 2020):

You can currently create a role for a user, remove all view/edit/delete permissions for that user in their role settings, then assign permissions for that role for a particular shelf/book/chapter/page. Book/Chapter permissions will cascade down automatically.

If there a particular thing in the current permission flow that prevent you from doing what you need?

Tanks for replying! This can work, but now I wanna to allow access just to one chapter. I see it with the user that I give this permission and the book name doesn't appear. If I give him access to an chapter from another book, for him it looks like the same.
Anyway this is hard way to configure these things, 'cause you can't get a great view about user's permissions. Making it easy to leak something.
I suggest to keep all the permissions in one screen with a advanced permission changes, so you can list all books an users/group can access and then the options to view, create, update or delete for each book.

Just to let you know that Bookstack is a amazing tool! Me and my partners are loving it!

@fernandozap2 commented on GitHub (Jun 22, 2020): > You can currently create a role for a user, remove all view/edit/delete permissions for that user in their role settings, then assign permissions for that role for a particular shelf/book/chapter/page. Book/Chapter permissions will cascade down automatically. > > If there a particular thing in the current permission flow that prevent you from doing what you need? Tanks for replying! This can work, but now I wanna to allow access just to one chapter. I see it with the user that I give this permission and the book name doesn't appear. If I give him access to an chapter from another book, for him it looks like the same. Anyway this is hard way to configure these things, 'cause you can't get a great view about user's permissions. Making it easy to leak something. I suggest to keep all the permissions in one screen with a advanced permission changes, so you can list all books an users/group can access and then the options to view, create, update or delete for each book. Just to let you know that Bookstack is a amazing tool! Me and my partners are loving it!

OVERLORD commented 2026-02-05 01:47:17 +03:00

Author

Owner

Copy Link

@adocampo commented on GitHub (May 15, 2021):

Book/Chapter permissions will cascade down automatically.

After giving "read" permissions to a shelf for viewers, it didn't cascade into the books inside, I had to give the permissions to the books inside the shelf. Did I miss something?

@adocampo commented on GitHub (May 15, 2021): > Book/Chapter permissions will cascade down automatically. After giving "read" permissions to a shelf for viewers, it didn't cascade into the books inside, I had to give the permissions to the books inside the shelf. Did I miss something?

OVERLORD commented 2026-02-05 01:47:21 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (May 15, 2021):

@adocampo Shelf permissions don't cascade, Just books and chapters. There are UI & command-line options to copy shelf permissions down but it can't be done automatically/live.

@ssddanbrown commented on GitHub (May 15, 2021): @adocampo Shelf permissions don't cascade, Just books and chapters. There are UI & command-line options to copy shelf permissions down but it can't be done automatically/live.

OVERLORD commented 2026-02-05 01:47:26 +03:00

Author

Owner

Copy Link

@adocampo commented on GitHub (May 17, 2021):

Oh, I understood wrong then, I expected to put the permissions on the shelf and propagate to all the books inside.
Thank you for the tip, I need to pay attention to what is shown in the permissions settings on the shelf, as I didn't notice the "Copy Permissions to Books" section.

@adocampo commented on GitHub (May 17, 2021): Oh, I understood wrong then, I expected to put the permissions on the shelf and propagate to all the books inside. Thank you for the tip, I need to pay attention to what is shown in the permissions settings on the shelf, as I didn't notice the "Copy Permissions to Books" section.

OVERLORD commented 2026-02-05 01:47:30 +03:00

Author

Owner

Copy Link

@Rumcajsev commented on GitHub (Dec 1, 2021):

You can currently create a role for a user, remove all view/edit/delete permissions for that user in their role settings, then assign permissions for that role for a particular shelf/book/chapter/page. Book/Chapter permissions will cascade down automatically.

While this certainly works, it's a bit cumbersome solution, especially when working with many projects/people.
Currently when creating a new book, for which I want only specific group of people to have access I have to:

• Create a book
• Create a new user group
• Add each person individually, through their user settings page, to the newly created group
• Modify custom permissions for the newly created book

While this doesn't sound that complex on paper, this isn't very user-friendly when managing an instance with many users and groups. That's mostly because I have to navigate manually to each user setting to include them in a group.
Then, when modifying the custom book permissions, I have to browse through the list of all groups, which also is not that clear.

If not allowing for adding people directly to the book permissions (besides the groups system), maybe adding an option to add people to group directly from group page would simplify this? I'll check if there's a request for this already, if not I'll create one.

@Rumcajsev commented on GitHub (Dec 1, 2021): > You can currently create a role for a user, remove all view/edit/delete permissions for that user in their role settings, then assign permissions for that role for a particular shelf/book/chapter/page. Book/Chapter permissions will cascade down automatically. While this certainly works, it's a bit cumbersome solution, especially when working with many projects/people. Currently when creating a new book, for which I want only specific group of people to have access I have to: - Create a book - Create a new user group - Add each person individually, through their user settings page, to the newly created group - Modify custom permissions for the newly created book While this doesn't sound that complex on paper, this isn't very user-friendly when managing an instance with many users and groups. That's mostly because I have to navigate manually to each user setting to include them in a group. Then, when modifying the custom book permissions, I have to browse through the list of all groups, which also is not that clear. If not allowing for adding people directly to the book permissions (besides the groups system), maybe adding an option to add people to group directly from group page would simplify this? I'll check if there's a request for this already, if not I'll create one.

OVERLORD commented 2026-02-05 01:47:33 +03:00

Author

Owner

Copy Link

@jwillmer commented on GitHub (May 31, 2022):

Current system is hell! It took me an hour and a half today to set all book, chapter and page permissions to custom only to limit access for a a temporary group that do an audit of parts of our system. The problem is that permissions cascade.:

• I create a role with no permissions
• I assign pages to this role
• Then I noticed that the role wont see the page since access to the book/chapter is missing.
• So I set view permission on book level
• Now I had to set custom permissions on all pages the role should not see only to make one page in a book accessible

In short, the current permission system is not flexible enough for companies.

Edit: Is there a command to remove all custom permissions in the system? I really don't like to undo all of that manually after the review is over.

@jwillmer commented on GitHub (May 31, 2022): Current system is hell! It took me an hour and a half today to set all book, chapter and page permissions to custom only to limit access for a a temporary group that do an audit of parts of our system. The problem is that permissions cascade.: - I create a role with no permissions - I assign pages to this role - Then I noticed that the role wont see the page since access to the book/chapter is missing. - So I set view permission on book level - Now I had to set custom permissions on all pages the role should not see only to make one page in a book accessible In short, the current permission system is not flexible enough for companies. Edit: Is there a command to remove all custom permissions in the system? I really don't like to undo all of that manually after the review is over.

OVERLORD commented 2026-02-05 01:47:36 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (May 31, 2022):

In short, the current permission system is not flexible enough for companies.

For your company/use-case maybe. I'm aware there's room for improvement here, Reviewing the permission system is next on the roadmap.

Now I had to set custom permissions on all pages the role should not see only to make one page in a book accessible

This should not be true. You can make a page or chapter viewable without making the book visible. It will however affect discoverability since they won't find it via the book hierarchy but they can still access via another list (Such as recently updated) or a directly link, at which point they could add it to their favourites for easier future access.

Edit: Is there a command to remove all custom permissions in the system? I really don't like to undo all of that manually after the review is over.

No such command. Technically you could do this via the database combined with another command but I'm apprehensive to recommend this route as it's more error prone. On the search page there is a filter to identify items that have custom permissions applied which should help you gather a list of content to work from.

@ssddanbrown commented on GitHub (May 31, 2022): > In short, the current permission system is not flexible enough for companies. For your company/use-case maybe. I'm aware there's room for improvement here, Reviewing the permission system is next on the roadmap. > Now I had to set custom permissions on all pages the role should not see only to make one page in a book accessible This should not be true. You can make a page or chapter viewable without making the book visible. It will however affect discoverability since they won't find it via the book hierarchy but they can still access via another list (Such as recently updated) or a directly link, at which point they could add it to their favourites for easier future access. > Edit: Is there a command to remove all custom permissions in the system? I really don't like to undo all of that manually after the review is over. No such command. Technically you could do this via the database combined with another command but I'm apprehensive to recommend this route as it's more error prone. On the search page there is a filter to identify items that have custom permissions applied which should help you gather a list of content to work from.

OVERLORD commented 2026-02-05 01:47:41 +03:00

Author

Owner

Copy Link

@jwillmer commented on GitHub (Jun 1, 2022):

Please give me the dB fix. I have rolling backups and they are tested ;-) And yes, the discoverabillity is the issue for me.

@jwillmer commented on GitHub (Jun 1, 2022): Please give me the dB fix. I have rolling backups and they are tested ;-) And yes, the discoverabillity is the issue for me.

OVERLORD commented 2026-02-05 01:47:44 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jun 1, 2022):

@jwillmer I have not fully tested this, and still don't advise it, but this would be the database process:

truncate table entity_permissions;
update books set restricted=0 where restricted = 1;
update chapters set restricted=0 where restricted = 1;
update pages set restricted=0 where restricted = 1;
update bookshelves set restricted=0 where restricted = 1;

You'd then need to run the regenerate permissions command as detailed here:

https://www.bookstackapp.com/docs/admin/commands/#regenerate-access-permissions

@ssddanbrown commented on GitHub (Jun 1, 2022): @jwillmer I have not fully tested this, and still don't advise it, but this would be the database process: ```sql truncate table entity_permissions; update books set restricted=0 where restricted = 1; update chapters set restricted=0 where restricted = 1; update pages set restricted=0 where restricted = 1; update bookshelves set restricted=0 where restricted = 1; ``` You'd then need to run the regenerate permissions command as detailed here: https://www.bookstackapp.com/docs/admin/commands/#regenerate-access-permissions

OVERLORD commented 2026-02-05 01:47:47 +03:00

Author

Owner

Copy Link

@jwillmer commented on GitHub (Jun 1, 2022):

Awesome, I will revert back once the audit is over.

@jwillmer commented on GitHub (Jun 1, 2022): Awesome, I will revert back once the audit is over.

OVERLORD commented 2026-02-05 01:47:49 +03:00

Author

Owner

Copy Link

@jwillmer commented on GitHub (Jul 26, 2022):

Worked without any issues! Thanks again.

@jwillmer commented on GitHub (Jul 26, 2022): Worked without any issues! Thanks again.

OVERLORD commented 2026-02-05 01:47:52 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Feb 1, 2023):

I'm going to close this issue off since the core request is fairly covered by #1747 and some of the other UX options discussed have also been separately raised in various forms.

@ssddanbrown commented on GitHub (Feb 1, 2023): I'm going to close this issue off since the core request is fairly covered by #1747 and some of the other UX options discussed have also been separately raised in various forms.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

further_theme_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1755