Enonic version: Enonic XP 7.8.5 OS: Pop!_OS 20.04 LTS
Greetings!
I and my team were trying to prevent external users from accessing our test servers’ live mode. Basically, block live mode access (and return a 401) for non-logged-in users.
I removed the ‘Everyone’ and ‘Anonymous’ roles in ‘Edit Permissions’ tab in the site content and after publishing it, we noticed that nobody could access the site’s live mode anymore.
My user has more than enough permissions to access the content, but they still get a 401
Setting permissions on a site itself might not be enough. Check if your site has fragments with insufficient permissions. Or if a page template itself has insufficient permissions. Or if controller of the page is trying to access some other content which current user doesn’t have enough permissions for.
Also, there’s a simpler way to achieve what you want: remove all permissions and allow it for the Authenticated role.
Our currently recommended way of doing this in a test environment is to block access in network layer, i.e. by configuring your webserver to block access.
Another quickfix is to prevent google from indexing test environments is setting this header in your webserver: x-robots-tag noindex, nofollow
This approach will work permanently vs changing permissions on data that might be frequently updated/refreshed from production.