Created by oliver moseby
Kablink Component
  • Teaming

Hello,

Is there a possibility to make the userlist invisible to normal users? Due to restrictive privacy rules, we must ensure that no personal data of kablink-users is published by default. Browsing names and retrieving e-mail accounts should not be possible for normal users.

thanks for your hints and kind regards, oliver

 
Replies
Peter Hurley (Novell)

First, upgrade to 2.1.

Then, go to the "Personal Workspaces" folder and remove "All Users" from being participant or visitor. This will make user names not visible to the normal user. You have to add people back in to this ACL if you want them to be able to view users.

In 2.1, there is an extra capability that lets you allow people to "see users who are in the same groups". This is done from the Site Administration menu (Access Control for Zone Administration Functions).

Ok, now you are pretty close. The next thing you want to do is modify the access controls for the "User Workspace" template. (Also done from the Site Administration menu). You want to remove the default "All Users" access. If you don't do this, then people will be able to see other user names by looking at the list of user workspaces. Unfortunately, if you already have a bunch of users already using the system, you will have to have them each remove "all users" from their workspaces. Changing the template only affects users added after the change is made.

oliver moseby

Peter, many thanks for your reply. The problem I see with your solution is that users (since they don't see each other at all) are not able to modify the access rules of their personal workspaces. I am looking for a solution that does not display any personal data by default but lets users grant rights to other users. Therefore a basic search possibility must be available, but browsing a table with cn, fullname, email, etc. should be impossible. Interestingly, in this kablink-installation the link "Personal Workspaces" shows an empty page (the table with userlist is missing), but Search is available in the header. This might come close to what I need. But I cannot reproduce this setting in my kablink-installation. Do you know why this happens here? Do you have any other tips that might help me?

Thanks and regards, oliver

 

Marcel Dekker

Hi Oliver, I think what they did on this site is make a custom workspace view to not display the userlist. You can still find users with the Find People quick search option and the Search option and add them to the Access Control list.

oliver moseby

Marcel, you may be right. I could also disable the userlist-table by creating a new profilelist-view without the profilelist-element. The only problem I have now is that even admins can not use the userlist, since this is a global setting. Is there a way of hiding the userlist only to "normal" users?

Marcel Dekker

Not that I can think of except coding it yourself. I never use the list, so for me it's acceptable that the admin user cannot see it also. I always use the find function.

Peter Hurley (Novell)

I looked at the Personal Workspaces folder. We don't use any special folder definition. (Although I did reset the definitions last night to get up to the 2.1 set up.) So, unless the reset undid something I don't know why you aren't seeing the list.

In the next release, I have added a new role/right called "Can see binder title". This role will let you designate that a person can view a folder but unless they have the "Read entries" right, they won't see any of the entries in the folder. This lets you give some people the ability to view everything, while hiding the entries from other users. This would work perfectly for what you want to do.

You could also solve your problem by making a custom version of the profiles list jsp. All you need to do is turn off the folder list for everyone except those in the admin group.

oliver moseby

Peter, thanks for the hint regarding the custom jsp. Could you please provide some sample code of how to access user/group information in a custom jsp-page? Unfortunately I couldn't find any documentation of the jsp-api to the kablink objects and methods.

And what's also interesting: The userlist in my installation now disappears for normal users like in the kablink-forum. This is very strange and I have the feeling that this has something to do whether users are imported via ldap or not (at least that was the only thing that I changed). But I can't reset this. Could you check if this behavior (userlist not visible to "normal" users when users have created their own account) is reproducible?

thanks and regards, oliver.

 

Peter Hurley (Novell)

You can get the list of groups that the current user is in by using ${ssUser.memberOf}. This is a list of group ids. So, your code would have to know the group number of the group you want to check for. The code might look like:

<c:forEach var="groupId" items="${ssUser.memberOf}">
  <c:if test="${groupId == '42'}">
    do whatever...
  </c:if>
</c:forEach>
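
Added example (not part of Peter's post and not Kablink's own code): the same group check extended to the stated goal of rendering the profile list only for members of an admin group. The group id 42, the variable names and the taglib import are assumptions; the stock list markup is left as a placeholder.

```jsp
<%-- Added example, not Kablink's own JSP. Assumptions: group id 42 is a
     placeholder for your admin group, and the JSTL core taglib is not
     already imported by the page this fragment is placed in. --%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- Default to hidden, so a user with no group memberships never sees the list. --%>
<c:set var="adminGroupId" value="42" />
<c:set var="showUserList" value="false" />

<%-- ssUser.memberOf is the list of group ids of the current user. --%>
<c:forEach var="groupId" items="${ssUser.memberOf}">
  <c:if test="${groupId == adminGroupId}">
    <c:set var="showUserList" value="true" />
  </c:if>
</c:forEach>

<c:choose>
  <c:when test="${showUserList}">
    <%-- Placeholder: keep the stock profile-list markup here, unchanged. --%>
  </c:when>
  <c:otherwise>
    <%-- Non-admins get no table of names and e-mail addresses. --%>
    <p>The user list is not available. Use Find People to look up a user.</p>
  </c:otherwise>
</c:choose>
```

This changes only what the page renders. What search and other views return is still decided by the access controls discussed in the thread.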

 

Peter Hurley (Novell)

If user lists are not visible to some users on your system, try re-indexing the search index. You do this from the Site Administration/Manage Search Index page. It could be that somehow the index isn't being updated properly in some circumstance (although we haven't had any reports of situations like this). Let us know if that fixes the problem.

oliver moseby

Peter, re-indexing the search index has no effect regarding the userlist. The userlist still only shows up for the admin-account (so does it here for my account in this forum, can you validate this with a normal user account?). Do you have any more ideas? Thanks for the jsp-code snippet, that helped me. Is there documentation on how to use objects like ssUser? Thanks and greetings, Oliver

Marcel Dekker

Hi, I've checked this on several other 2.1 systems, and it seems that there's a bug that is preventing users other than admin from seeing the userlist or creating users from the Personal Workspaces workspace. Even if you grant other users the role of workspace creator or workspace administrator they still cannot see the list or create users. You are also not able to delete the workspace of a deleted user, but you can delete the user or create one through the site admin page.

Peter Hurley (Novell)

I have no idea what is going on for either of you (Oliver or Marcel).

Can you take a screen shot of the Access Control table for the Personal Workspaces page so I can see how access is set up?

Also, a screen shot of the Access Control table from the Site Administration page that shows the ACLs for the administrative functions would be helpful, too.

Marcel Dekker
Modified by Marcel Dekker, Mar 12, 2010 2:46 PM

Hi Peter, attached are the screenshots. BTW the behaviour is the same on this site, where I'm pretty sure that you were able to see the userlist before.

Attachments
  • ACLPersonalWorkspace.jpg (V1.0, Mar 12, 2010 2:41 PM, 258KB, modified by Marcel Dekker)
  • ZoneAdministration.jpg (V1.0, Mar 12, 2010 2:41 PM, 252KB, modified by Marcel Dekker)

Peter Hurley (Novell)

I can't see exactly what you have done. You have a new role (Alleen Lezen) that you are using. I don't know what rights that has afforded to the members of that role. Also, you have a group named klanten in use at the zone admin level. This group is in the "Can only see members of groups I'm in" role. That means that everyone in the klanten group is only allowed to see other users that share a common group. This is most likely what is causing your users to not see everyone. Try turning off this setting.

Marcel Dekker

Hi Peter, my user is not in those groups, so I don't think that the problem is in that. Only the Admin user can see the userlist, but my user is able to create a user through the Site Admin. As Oliver pointed out the behaviour is the same on the Kablink site as well.

oliver moseby

Peter, maybe it would be helpful if you try to register as a normal user in this kablink-installation and then try to access the userlist. In my case, this is not possible, I only see an empty (white) page. Access-Rights say that I should have rights to view all profiles. I cannot explain why I don't see the userlist here and that might be the same situation in my and Marcel's installation. Thanks and greetings, oliver

 

Peter Hurley (Novell)

I have tried this on this site. The problem with this site is that we turn off the ability to read user profiles. So, regular users cannot search for user names nor can they view the personal workspaces listing.

Marcel Dekker

Turned out that Peter is right. If I grant my user the visitor role then I can see the list of users. My created role (Alleen lezen - aka Read Only) also has rights to view, but that doesn't seem enough to display the userlist. Could it be that users need to be in the visitor role? Even users that are members of the workspace administrator or workspace creator roles are not allowed to see the list if they are not also members of the role Visitor.

Marcel Dekker

My mistake. The All users group needs to have rights to view (Visitor role). Only then you are able to see the list. At least on the two systems I tested this with.

Marcel Dekker

But then again. On a third system, this isn't working. Compared the rights to the two other systems and they're the same, but on this system (even after re-indexing) no other user than Admin can see the list. If I look at the Who has Access page, it shows that the All users has the right to view the list.

Peter Hurley (Novell)

You really need to check the Site Administration/Access Control for Administrative Functions page to see if someone set the "Can only see members of the group I'm in" role. This could cause that.

Marcel Dekker

No, that role isn't used on this particular system.
