This site has been archived. To learn more about our current products Ibexa Content, Ibexa Experience, Ibexa Commerce head over to the Ibexa Developer Portal

eZ Community » Forums » Setup & design » Howto "jail" admin to a root node?

Howto "jail" admin to a root node?

Howto "jail" admin to a root node?

Tuesday 23 September 2014 11:40:30 pm - 10 replies

I'm having a goat setting up a multi-site setup.

I have multiple sites sharing the same content repository.  I have the regular sites working well.

Now I am on to setting up the admin.  I need to have the admin locked down to each tree_root plus shared content outside of the tree_root.

I have read a lot in the forum and googling but am having issues putting it all together.

Do I have to override the browse.ini?
How do I change the root tree for the content tree menu?
Setup new permission per siteaccess? 

What are multi-site best practices? 

I would love to get this sorted out and post some guide so that it is clear to others how this can be accomplished beyond setting up a new tree_root.

Wednesday 24 September 2014 12:33:34 am

Hello Douglas,

Good news! You can do all the things your asking about.

I recommend creating 'editor' siteaccesses customized to meet your needs and leave the default admin alone as sort of root user admin to globally control the eZ Publish installation. I've done this before with great success.

 Override browse.ini: Create a copy of settings/browses.ini into settings/siteaccess/name_of_editor_admin_siteaccess/browse.ini.append.php and edit to meet your needs.

Change root node: Create a copy of settings/content.ini into settings/siteaccess/name_of_editor_admin_siteaccess/content.ini.append.php and edit to meet your needs. Remember to change the 'RootNode' setting happy.gif Emoticon

Custom role policy permissions: Use '/role/list' and '/role/edit/3' module views to create new roles and policies for your editors custom policy permission needs. Study the role and policy area heavily as it is very powerful and flexible yet takes some actual practice use to learn to master it. Remember to remind yourself that most policies are not siteaccess specific because they do not need to be so try to shift your thought processes into new more flexible directions.

Editor design: You may even want to create a custom editor design extension to aid you in your quest by allowing you to customize templates used in your editor siteaccess. I have with great success.

I'm afraid I'm low on sleep tonight so that will have to be it from me for now. I'll leave your more general questions about multi-site best practices to others to answer. I hope my answers help get you started.

Please feel free to ask more questions as you think of them or encounter new bunny trails / roadblocks.

I hope this helps. Good luck on your blog post about multi-site mastery happy.gif Emoticon


Modified on Wednesday 24 September 2014 12:52:42 am by // Heath

Wednesday 24 September 2014 4:22:25 am

Thank you for you excellent direction.

I have my content structure setup like this:


I have create a new siteacces for the site1_admin. I have the admin starting on the correct rootnode and the treemenu is using the correct root.

I am trying to get the media placement to be setup now to go into the Media folder for the correct site

Under content.ini.append.php I added


When adding an image it is uploading it to the wrong media root.

Can this be changed?

Wednesday 24 September 2014 5:19:32 am

Hello Douglas,

First, your welcome. I'm happy to help. 

Second, I woke up early and I thought I would respond real quick.

Third, Because there are many kinds of uploading I need you to provide -reproducible- step by step instructions on how your trying to upload images into the media tree before I can tell you how to fix your more recent breakdown. Though in short to answer your question I'm sure it can be changed I just need to know the how to be able to answer the what happy.gif Emoticon

Thanks for understanding.


Modified on Wednesday 24 September 2014 5:19:57 am by // Heath

Wednesday 24 September 2014 5:33:16 am

Hello Douglas,

Sorry for the trouble. I was still not awake.

Your prolly talking about uploading content while editing other content using ezoe. If so you need to ...

Change upload root node: Override settings/upload.ini and customize [LocationSettings] RootNode. 

To do this create a copy of settings/upload.ini into settings/siteaccess/name_of_editor_admin_siteaccess/upload.ini.append.php and edit to meet your needs.

Remember to either use a lower case representation of your new root node for the media tree url or a Node ID for this change to work.

Also remember to clear ini and template caches. If you can afford it just clear all caches to be certain.

I hope this helps!


Modified on Wednesday 24 September 2014 5:38:57 am by // Heath

Wednesday 24 September 2014 6:12:14 am

Thank you again for your response.  You are correct it is when upload via ezoe.

I have upload.ini.append.php:


Unfortunately ezoe when inserting image does not respect this is is still putting into the main images folder.

I have cleared the cache(manually too) with no success.

Wednesday 24 September 2014 6:29:34 am

Found the correct place to override the uploaded image from the editor.



Wednesday 24 September 2014 6:50:47 am

Hello Douglas,

Congratulations! I'm glad you found the automatic (by content class identifier) assignment ini settings. Sorry I left those out of my last message.

Let us know when you have more questions happy.gif Emoticon


Wednesday 24 September 2014 6:38:45 pm

I am setting up roles now.  I have decided to take Heath's suggestion and use the existing editor role.

I am going to add the role to the user with subtree limitations to their tree in the content repository.

At the moment this looks like the best route.

Does any one have any other suggestions on how to handle permissions for multisite or see any issues going this route?

Saturday 27 September 2014 12:56:58 am


Douglas continued his quest for answers in this related thread:


Tuesday 22 May 2018 9:44:42 am

Hi guys, I know this is a very old thread, but just in cause it's still relevant: Legacy is not quite safe to use out of the box in this kind of multi-site scenario. Admins who can use the package system can upload PHP scripts, which can be used to gain access the admin should otherwise not have. If you can't trust your admins 100%, please disable the package system. See:


You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from