Allow role to delete own pages and chapters in specific shelves/books #3920

Closed
opened 2026-02-05 07:51:51 +03:00 by OVERLORD · 5 comments

Originally created by @BEFRSE on GitHub (Jul 18, 2023).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

Hi,

we use BookStack across our company with multiple departments. We have one shelf with general information which everyone has access to. Also each department has their own shelf, which they manage on their own. The members of each department are in a corresponding AD-Group which we give access to the shelf.

We now want to allow the users to delete the pages and chapters they created. However it seems like this is not possible or at least we didn't find a way to accomplish it. While it's possible to set granular permissions to a role (i.e. allow deleting own pages and chapters, but not books), there's only a general "Delete" permission on content level. If "Delete" is unchecked for a book permission, the members of that role can't delete anything inside the book. As soon as "Delete" is checked, they can delete not only their own pages and chapters; they now can delete everything, including the whole book itself. Regardless of what is checked in the role permission settings.

Is there really no way to allow a group to only fully manage own pages/chapters but not for the whole wiki, only for specific books? If so, what could be a possible workaround?

Thanks in advance.

Exact BookStack Version

v23.06.2

Log Content

No response

PHP Version

No response

Hosting Environment

Ubuntu 20.04 LXC Container; installed using the official install script

OVERLORD added the 🐕 Support label 2026-02-05 07:51:51 +03:00

@ssddanbrown commented on GitHub (Jul 18, 2023):

> Is there really no way to allow a group to only fully manage own pages/chapters but not for the whole wiki, only for specific books?

There are no "own" permission options outside the role permissions. If item-level permissions prevent inheritance, or if there's a more applicable/specific item-level role permission, then that will override any role-level permissions including "own" permissions.

> If so, what could be a possible workaround?

Only to change the permission setup to avoid preventing role permission inheritance, or overrides to relevant roles.


Lightly related to #3964 and #1747.
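
A simplified model of the resolution order described in this thread, added here as an illustration and not taken from BookStack's code: an item-level "Delete" entry for a role on a book decides every delete beneath it without consulting ownership, so the role-level "own" grant only takes effect when no such entry exists. The class and function names, the role name and the users are hypothetical, and the model covers only an item-level role entry set on the book.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Item:
    kind: str                          # "book", "chapter" or "page"
    owner: str
    parent: Optional["Item"] = None
    # Item-level "Delete" checkbox per role name; a missing key means "inherit".
    item_delete: Optional[Dict[str, bool]] = None


@dataclass
class Role:
    name: str
    delete: Dict[str, str]             # role-level grant per kind: "own" or "all"


def can_delete(user: str, role: Role, item: Item) -> bool:
    # Use the nearest item-level entry for this role, starting at the item itself.
    node: Optional[Item] = item
    while node is not None:
        if node.item_delete and role.name in node.item_delete:
            # The item-level entry decides alone: ownership is never consulted.
            return node.item_delete[role.name]
        node = node.parent
    # No item-level entry anywhere above: role-level permissions apply.
    grant = role.delete.get(item.kind)
    return grant == "all" or (grant == "own" and item.owner == user)


def demo(book_delete: Optional[bool]) -> Tuple[bool, bool, bool]:
    """Return (own page, colleague's page, the book) for constructed user alice."""
    role = Role("dept-editors", {"page": "own", "chapter": "own"})
    overrides = None if book_delete is None else {role.name: book_delete}
    book = Item("book", owner="admin", item_delete=overrides)
    own = Item("page", owner="alice", parent=book)
    other = Item("page", owner="bob", parent=book)
    return tuple(can_delete("alice", role, i) for i in (own, other, book))


if __name__ == "__main__":
    for setting in (None, False, True):
        print(setting, demo(setting))
```

Only the run with no item-level entry yields the least-privilege result the question asks for (own page deletable, colleague's page and the book not); either checkbox state on the book collapses it to all-or-nothing.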


@BEFRSE commented on GitHub (Jul 18, 2023):

Thank you. So in conclusion, with the current way the permission system is designed, what we are trying to accomplish is not possible, right? So we have to either allow the role to be able to delete everything inside the books (including the books themselves) or deny deleting everything at all, including pages/chapters they created.


@ssddanbrown commented on GitHub (Jul 18, 2023):

It's hard to say without knowing the functional requirements of your situation (this is not a request for that detail though).
You can always set permissions at a chapter/page level too.
Sometimes it's possible to invert your approach, and use permissions to block instead of allow (or vice-versa) to avoid overriding.
Or it may be possible to be targeted with item-level overrides as to not require prevention of inheritance.


@ssddanbrown commented on GitHub (Sep 11, 2023):

Since there's been no further discussion since my last message on this support thread I'll go ahead and close this off.


@m-ocean-it commented on GitHub (Mar 29, 2024):

Greetings! The issue is relevant for my organization, too. It's weird that permissions on the role-level make a distinction between own and other content while content-level overrides don't.

Also, @BEFRSE, I wonder if you've found a solution.


Reference: starred/BookStack#3920