Thursday, January 28, 2010

Hiding Content From Portal Navigation Does Not Secure It Against Access. By Scott Birnbaum

Hiding portal content references and/or folders from Portal Navigation does not secure them. That is to say, it does not deny user access. Many folders and components are hidden from portal navigation by design, since the user is expected to access these portal menu items via links in web pages.

If you want to prevent users from obtaining authorized access to particular content, then you need to remove the authorizations to that content.

I recently visited a customer who wanted to deny access to web pages used to Manage Table Spaces on the database.

We walked through some simple steps in order to identify which permission lists, roles and users were currently granted access to this particular CREF (Content Reference).

1. We copied the CREF Portal Label (the character string of the link in the Portal Navigation) to the Windows clipboard.
2. We navigated to PeopleTools > Portal > View Menu Item Details.
3. We changed the Search By from "Portal Object Name" to "Portal Label".
4. We pasted the character string from the clipboard into the Search dialog box and clicked OK.

The View Menu Item Details page displayed 3 lists:
Authorized Permission Lists
Authorized Roles
Authorized Users

5. We downloaded the list of Authorized Permission Lists, using the download icon on the header bar of the grid.
6. We noted the folder navigation to the Manage Tablespace CREF.
7. We navigated to PeopleTools > Portal > Structure and Content, drilled down the folder hierarchy to the Manage Table Space CREF and clicked the Edit link, which took us to the Portal Registry Structure definition for the CREF.
8. We copied the PIA menu name and component name into Notepad.
9. We clicked the "Security" tab, which took us to a list of authorized permission lists.
10. We clicked on the "View Definition" link for the permission list, which took us to the permission list definition in Update mode.
11. We went to the "Pages" tab, which lists the menus containing authorized components (UTILITIES for this item), and clicked the edit components link.
12. We then clicked "Edit" for the selected component (Manage Table Space).
13. We clicked "De-select All", then OK, then OK, then Save.
14. We repeated these steps for each of the permission lists that granted access to the component.
15. We then returned to "View Menu Item Details" in order to verify that the Portal Registry permissions had been updated. In this case, they had been removed.
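
The check in step 15 can also be run as a query, using the menu name and component name noted in step 8. This is an added example, not part of the original walkthrough; it assumes the standard PeopleTools security tables PSMENUITEM, PSAUTHITEM, PSROLECLASS and PSROLEUSER, and `:component_name` is a placeholder for the component object name, which this post does not give.

```sql
-- Added example (not from the original post): list every permission list,
-- role and user that still holds an authorization on one component.
-- Assumptions: standard PeopleTools table and column names; read access
-- to the PeopleTools tables; Oracle-style bind variables (substitute
-- literals on other database platforms).
--   :menu_name      = PIA menu name from step 8 (UTILITIES in this case)
--   :component_name = component object name from step 8 (placeholder)

SELECT ai.CLASSID            AS permission_list,
       ai.PNLITEMNAME        AS page_name,
       ai.DISPLAYONLY        AS display_only,
       ai.AUTHORIZEDACTIONS  AS authorized_actions,
       rc.ROLENAME           AS role_name,
       ru.ROLEUSER           AS user_id
FROM   PSMENUITEM mi
       -- PSMENUITEM maps a menu item to the component (PNLGRPNAME) it opens.
JOIN   PSAUTHITEM ai
       -- PSAUTHITEM holds one row per permission list and authorized page.
       ON  ai.MENUNAME    = mi.MENUNAME
       AND ai.BARNAME     = mi.BARNAME
       AND ai.BARITEMNAME = mi.ITEMNAME
       -- LEFT JOINs keep permission lists that are not yet attached to a
       -- role, or roles that have no users, so nothing is silently dropped.
LEFT JOIN PSROLECLASS rc ON rc.CLASSID  = ai.CLASSID
LEFT JOIN PSROLEUSER  ru ON ru.ROLENAME = rc.ROLENAME
WHERE  mi.MENUNAME   = :menu_name
AND    mi.PNLGRPNAME = :component_name
ORDER  BY ai.CLASSID, rc.ROLENAME, ru.ROLEUSER;
```

Each row returned is a remaining grant to follow up with steps 10 to 13; the query reads the menu and component authorizations directly, so it gives the same answer whether or not the CREF is hidden from navigation.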
