Users can adjust sorting of sites they can only read (have read access)

Enonic version: 6.15.6
OS: Ubuntu 18.04 Linux

We have an installation that have three site nodes in it. I’ll call them from now on /siteA, /siteB and /siteC.
We would like to set user groups with permissions to specific sites so that one cannot access/modify contents of a site he/she doesn’t have rights to.

We were able to get this done by creating two user groups and adding users to them, so a site the user does not have full access shows up to them as grayed out (with read permissions).
The user cannot publish or save contents on those grayed out sites, though, they are being able to modify the sorting of the contents of those sites, which is not what we want.

Below I’ll try to explain what was done so far.

  1. We have 3 sites: siteA, siteB, siteC
  2. we created 2 user groups: userGroupA, which can acess siteA and siteB, and userGroupB, which can acess siteC.

the userGroupA has roles

  • Administration Console login
  • Content Manager app
  • roleA

and userGroupB has roles

  • Administration Console login
  • Content Manager app
  • roleB
  1. also, we created two roles, roleA, used by userGroupA, and roleB, used by userGroupB.
  • roleA is used by siteA and siteB
  • roleB is used by siteC
  • both roleA and roleB have full access to their respective sites.

Though, a user belonging to userGroupB are being able to adjust the sorting of both siteA and siteB, which belongs to userGroupA.
Is it possible to not allow this to happen?

The ideal solution would be users from userGroupB not being able to see the sites siteA and siteB (from userGroupA). Though, today they can read those sites as well.

So, again, is it possible to restrict the possibility of modifying the sorting while having the role Everyone (can read) in the sites? If so, how can we achieve this?

Thank you in advance!

Right now, the answer is Nope. A followups question: are your sites sharing any content, or is the case simply that you have multiple sites and nowhere else to put them?

They kind of share contents are they all are “one site”, but in three versions/languages for each site, such as /fr /en, etc.

I see.
We will be offering a solution for this in multiple ways throughout 2020. Content projects (multi-repo support), default permissons per repo, and layers (i.e. for language handling).