increase per user security/view security granularity #2014

Closed
opened 2026-02-05 02:28:04 +03:00 by OVERLORD · 2 comments
Owner

Originally created by @modem7 on GitHub (Jan 6, 2021).

Describe the feature you'd like
Currently we are able to either set books/shelves/etc to "all" or "own". But that means that ultimately, BookStack is lacking a middle option where we can lock down books/shelves to specific users.

E.g. Let's say I have a shelf called "Media watchlists", and in there, several books for different users. "Bob's watchlist", "Fred's watchlist" etc.

Whilst I can set permissions to "own" in a security group such as (for example) "Media Watchlist users", people would still be able to see all books if I set everything to "all" in public/viewer security groups, which technically would make public/viewer groups less restrictive than internal groups.

Basically, I would like to be able to hide/show books/shelves to different specific users rather than entire groups, whilst still allowing public/unregistered users to view public content that doesn't have specific permissions set.

I might be missing something of course, if so, please let me know!

Describe the benefits this feature would bring to BookStack users
This would allow the ability to selectively hide/show books at a user level, rather than at a group level.

Hopefully this makes sense!

Author
Owner

@modem7 commented on GitHub (Jan 6, 2021):

Just to (try to) summarise and make it clearer:

Bookshelf: Media Watchlists (custom security - "Media Watchlist" group)
Books: Fred's Watchlist, Bob's Watchlist (custom security - "Media Watchlist" group)

Public/Viewer permissions - when they go to bookshelf should not be able to see Media Watchlist books or shelves, but are able to see all books that do not have specific permissions such as "Media Watchlist".

Media Watchlist permissions - They are able to see the bookshelf, but not only see all books that Public/Viewer can, but their own books under Media Watchlist Bookshelf. So if Fred logged in, he'd see public books/shelves + media watchlist bookshelf + "Fred's Watchlist" book, but not "Bob's Watchlist" book

I suspect that if under "custom permissions", there was an "all/own" system much like in group permissions, it would resolve this quite nicely, especially now that we can set owners.

So I'd be able to set:

Bookshelf:
"Media Watchlist" group: View (all), everything else unticked.
All other roles: Unticked

Books:
"Media Watchlist" group: View (own), Update (own) permissions.
All other roles and boxes: Unticked
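
The permission matrix proposed in the comment above, as a small runnable model (an added example, not BookStack's code and not part of the original thread). The role keys, the `User`/`Entity` classes, the `can` and `visible` functions and the "Public handbook" entity are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of the requested behaviour; not BookStack's permission code.
# Role-level grants, consulted only when an entity has no custom permissions.
ROLE_DEFAULTS = {"public": {"view": "all"}, "media_watchlist": {"view": "all"}}

@dataclass
class User:
    name: str
    roles: frozenset

@dataclass
class Entity:
    name: str
    owner: Optional[str] = None
    custom: Optional[dict] = None  # None = inherit ROLE_DEFAULTS

def scope_allows(scope, user, entity):
    """'all' always matches, 'own' only for the owner, anything else denies."""
    if scope == "all":
        return True
    if scope == "own":
        return entity.owner is not None and entity.owner == user.name
    return False  # unticked or unknown scope: fail closed

def can(user, action, entity):
    # Custom permissions replace role defaults; roles not listed are "unticked".
    table = ROLE_DEFAULTS if entity.custom is None else entity.custom
    return any(scope_allows(table.get(r, {}).get(action), user, entity)
               for r in user.roles)

# Constructed sample data mirroring the matrix in the comment.
BOOK_RULE = {"media_watchlist": {"view": "own", "update": "own"}}
ENTITIES = [
    Entity("Media Watchlists", custom={"media_watchlist": {"view": "all"}}),
    Entity("Fred's Watchlist", owner="fred", custom=BOOK_RULE),
    Entity("Bob's Watchlist", owner="bob", custom=BOOK_RULE),
    Entity("Public handbook"),  # no custom permissions
]
FRED = User("fred", frozenset({"public", "media_watchlist"}))
GUEST = User("guest", frozenset({"public"}))

def visible(user):
    return [e.name for e in ENTITIES if can(user, "view", e)]

if __name__ == "__main__":
    for u in (FRED, GUEST):
        print(u.name, "->", visible(u))
```
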

Author
Owner

@ssddanbrown commented on GitHub (Jan 7, 2021):

Thanks for the request @modem7.

This sounds like a combination of #410 and #1747 so I'm going to close this off to avoid overlapping issues.
There's a "Permission System Review" step on the roadmap (https://github.com/BookStackApp/BookStack#%EF%B8%8F-road-map) where these kinds of things will be considered.

Reference: starred/BookStack#2014