Always check in the bug database before posting. There are a lot of new and open bugs.
My be the same:
http://ez.no/community/forum/install_configuration/3_5_0rc2_anonymous_permanently_gets_access_denied http://ez.no/community/bugs/access_denied_for_anonymous_user
Thanks for your hint.
Changing user - anonymus - role - user - login to siteaccess "any" instead of a certain specified siteaccess, as it came up by default, makes the new siteaccess work.
Does this imply any unwanted sideeffects? 3.4.4 behaved differently.
The behavior you are seeing is perfectly normal. What we have changed prior to earlier versions is that the setup wizard will not give user/login/* permissions. Instead it will create login permissions only on the siteaccesses it has generated. This improves the security of the default installation.
There is some confusion to the function of user/login due to it's naming.
Here is how it works:
- a user (which is not disabled) is always allowed to log in using the username/password field if the user/login is set except for the anonymous user who can not log in (no passwords are accepted) - The user/login setting also controls if that user is able to see anything in that siteaccess at all.
Thanks for the explanation Frederik,
now is clear but is better to add some documentation somewhere. (i.e. in Tutorial and multilingual docs)
In few days three different person make the same confusion.
By the way the name don't suggest what you could expect, so why not change it into more clear (ie. user/access).
You must be logged in to post messages in this topic!