Allow anonymous accces option on Enhanced Permissions Macro


As a user of Enhanced Permissions Macro would like the ability to add anonymous users view of an excerpt.

The use case is to have an excerpt on a page that is otherwise locked down to logged in users, then make an include on a page that is available to anonymous users.

Freshdesk Tickets


Create a Support Ticket


Ture Hoefner
October 14, 2020, 7:49 PM

We have determined that this poses a security risk and will not be implementing it. See the previous comment about excerpting content for anonymous users using pages that are accessible by anonymous users.

Ture Hoefner
May 14, 2020, 8:02 PM

A feature like this would have to be opt-in by the admin user, using a new toggle on the MultiExcerpt admin tool. Allowing anonymous access to restricted content via a MultiExcerpt Enhanced Permissions (MEEP) macro implies responsibility to the content contributors to never put any sensitive information in the body of a MEEP macro. The same responsibility exists today with the use of a MEEP and a list of allowed users/groups but the consequences of a mistake are much larger if it is exposed to anonymous users.

Our recommendation for this use-case (expose content to pages accessible by anonymous users) is to only include content on anonymous-access pages by excerpting content from a page that is, itself, accessible by anonymous users. If that content is needed on a restricted page then use a MultiExcerpt Include to get it there. Use another MultiExcerpt Include to expose it on an anonymous page. Do not use a restricted page as the original source of any content that is to be exposed anonymously.

Out of Scope




Leslie Gilbert