Make entity level permissions more selective #349

Closed
opened 2026-02-04 18:57:08 +03:00 by OVERLORD · 4 comments

Originally created by @ssddanbrown on GitHub (Jun 4, 2017).

Currently, when enabling entity-level permissions, it will affect all roles, requiring the permissions to be re-set-up for every role. This is due to the fact that it was really first implemented as a 'restriction' system rather than a 'permission' system.

Instead, this should be done on a per-role basis so you could set custom permissions for a single role but all others would inherit the defaults. This would make use-cases such as that in #407 much easier.


Note suggestions in #2698

OVERLORD added the 🛠️ Enhancement and 💿 Database labels 2026-02-04 18:57:08 +03:00

@fexxes commented on GitHub (Nov 28, 2020):

Hi,

I am new to BookStack and I wonder if something has already been done on this subject.

In my case most of the books and shelves would be private. But it would be awesome if I could pick a single shelf or a book and set the permission for public viewing.

At the moment I can check _**allow public access**_ under _**Settings**_, and everything which has not enabled _**Enable Custom Permission**_ and has not given the role _**public**_ explicitly no rights to the entity is shown.

The biggest problem here is that the default for new stuff is in this case: public access allowed.

I would love to have the possibility to create a new shelf and enable public viewing for this shelf and inherit this permission to all books/chapters/pages in this shelf. So I can use public shelves and private shelves... and if I like to change the inherited one to a custom permission I can do this with _**Enable Custom Permission**_.


@ssddanbrown commented on GitHub (Nov 28, 2020):

Hi @fexxes,

> The biggest problem here is that the default for new stuff is in this case: public access allowed.

That is the default but this is configurable. You should have a "Guest" user in your system. Permissions for public users are controlled through this account. By default, this user is assigned the "Public" user role. You can edit this role and remove existing permissions, including the default "View" permissions, to prevent access by default. You'll then be able to enable permissions on a shelf/book/chapter/page level for this role where required.

> I would love to have the possibility to create a new shelf and enable public viewing for this shelf and inherit this permission to all books/chapters/pages in this shelf.

Book and Chapter permissions will automatically cascade to child items unless specifically overridden.
Shelf permissions do not auto-cascade (Due to the nature that books can be in multiple shelves) but there is a helper action, when viewing shelf permissions, that allows you to auto copy the permissions of a shelf to books within. There is also a command for this if you wanted to auto-run this ability on a schedule.
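
A simplified model of the rules discussed in this thread, added here as an illustration and not BookStack's own code: per-role entity overrides as the issue proposes, the book/chapter cascade, and the shelf copy helper described in the reply above. The `Entity` class, the function names and the sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Entity:
    name: str
    kind: str                       # "shelf", "book", "chapter" or "page"
    parent: "Entity | None" = None  # chapter -> book, page -> chapter or book
    books: list = field(default_factory=list)      # used by shelves only
    overrides: dict = field(default_factory=dict)  # role name -> bool (view)

def can_view(role, entity, role_defaults):
    """The nearest explicit entry for this role on the entity or its
    ancestors wins; with no entry anywhere, the role's default applies."""
    node = entity
    while node is not None:
        if role in node.overrides:
            return node.overrides[role]
        node = node.parent
    return role_defaults.get(role, False)  # unknown role: deny

def copy_shelf_permissions(shelf):
    """Shelves do not cascade (a book can sit in several shelves), so the
    shelf's entries are copied onto its books as an explicit action."""
    for book in shelf.books:
        book.overrides = dict(shelf.overrides)

def build_demo():
    # Constructed sample data: the Public role's default view right is removed.
    defaults = {"Public": False, "Editor": True}
    handbook = Entity("Handbook", "book")
    intro = Entity("Intro", "chapter", parent=handbook)
    welcome = Entity("Welcome", "page", parent=intro)
    salaries = Entity("Salaries", "page", parent=intro)
    internal = Entity("Internal notes", "book")  # not in the shelf
    shelf = Entity("Public shelf", "shelf", books=[handbook])
    return defaults, shelf, handbook, intro, welcome, salaries, internal

if __name__ == "__main__":
    defaults, shelf, handbook, intro, welcome, salaries, internal = build_demo()
    shelf.overrides["Public"] = True
    # The shelf entry alone does not reach the book's pages.
    print("before copy:", can_view("Public", welcome, defaults))
    copy_shelf_permissions(shelf)
    salaries.overrides["Public"] = False  # page entry beats the book's entry
    for e in (welcome, salaries, internal):
        print(e.name, can_view("Public", e, defaults), can_view("Editor", e, defaults))
```

Only the Public role carries explicit entries here, so the Editor role keeps resolving to its own default on every entity.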


@fexxes commented on GitHub (Nov 28, 2020):

Hi,

Thank you for the fast response. I read about the user and the role but I missed the point before. Thank you for the hint. I deleted all permissions for the public role and added the permissions for the guest user where they are needed.

Works like a charm ;)

Also, thank you for the information about books/chapters and pages. This was very handy.


@ssddanbrown commented on GitHub (Oct 14, 2022):

This has now been implemented as part of #3760

Reference: starred/BookStack#349