[opencms-dev] OpenCms6b1: problems with ACL

Stephan Hartmann beffe at beffe.de
Wed Feb 23 15:48:39 CET 2005


Hi Carsten,

> Hi,
>
> - this is not a bug: you cannot overwrite denials on a resource tree,
> overwrite works (intentionally) only for allowed permissions.
>
> For this reason, you must revoke the allowed permissions for group1 on
> folder2 by creating a new access control entry with "overwrite inherited"
> checked only (no permissions granted)

I don't know if i understood this exactly, but it doesn't change anything,
still no write access for all groups.

> - or you must not inherit the
> permissions of group1 at folder1, and add another access control entry for
> group2 at folder2.

I assume you mean group3 ;-)
But i just wanted to avoid this. Each group has its own subfolder and is the
only group with write access to its folder. If i have ten groups and ten
subfolders, i would have to make at least nine acl entries for each
subfolder, and for every newly created subgoup/subfolder i would have to add
another acl entry to each existing subfolder plus x - 1 entries for the new
subfolder (where x is the number of groups).

What is the reason for not allowing to overwrite denials?

Regards,
Stephan

>
> Regards,
> Carsten
>
> Carsten Weinholz
> Alkacon Software - The OpenCms Experts
> http://www.alkacon.com
>
-----Ursprüngliche Nachricht-----
Von: opencms-dev-bounces at opencms.org
[mailto:opencms-dev-bounces at opencms.org] Im Auftrag von Stephan Hartmann
Gesendet: Mittwoch, 23. Februar 2005 13:01
An: opencms-dev at opencms.org
Betreff: [opencms-dev] OpenCms6b1: problems with ACL


Hi developers,

i have some problems with acl and access rights.
I have a folder "folder1" which contains a subfolder "folder2". Additionally
i have new groups: "group1" which is a subgroup of Users and "group2",
"group3", ... which are all subgroups of group1. I want to achieve that only
group2 has write access to folder2, but not the other subgroups of group1.
For folder1 i added a new acl entry for group "group1". In this entry i deny
write access to folder1 for group1 with "overwrite inherited" and "inherit
on subfolders" checked. This denies write acces to folder1 and its
subfolders for group1 and all its subgroups. For folder2 i added a new acl
entry for "group2". In this entry i grant all rights to this group2 with
"overwrite inherited" and "inherit on subfolders" checked. I would now
expect that members of group2 can write to folder2 but they can't. Is it a
bug?

Regards,
Stephan




_______________________________________________
This mail is send to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
http://mail.opencms.org/mailman/listinfo/opencms-dev



_______________________________________________
This mail is send to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
http://mail.opencms.org/mailman/listinfo/opencms-dev





More information about the opencms-dev mailing list