[opencms-dev] Simple permissons questions
Julie Courtney
julie.courtney at resultstream.com
Sun Sep 17 09:04:07 CEST 2006
I'd be grateful for some quick help in understanding the OpenCms security
model, which is surprisingly poorly documented given its significance.
1. If I deactivate the 'Guests' group, and even the 'Guest' user as well, I
can still browse my OpenCms site when not logged in. Of course, I'm only
doing this to experiment with OpenCms security - but could someone tell me
why this is possible? Is it a bug or am I missing something?
2. What right does the abbreviation 'l' (for 'lima') correspond to? For
all groups and users in a default installation and for any resource, 'l' is
shown preceded by the negative sign... but what is it? As an example, the
Administrators group's rights for a resource are given as +r+w+v+c+d-l.
3. What is the difference between 'read' and 'view'? Is it that 'read'
corresponds to reading a resource's contents, and 'view' just to seeing that
the resource exists (and presumably reading its properties)?
4. When adding resource permissions on a resource, it is possible to
explicitly allow or deny various rights (read, write, control and direct
publish). There is also an 'overwrite inherited' checkbox. Does this mean
that (i) without 'overwrite inherited', settings made here for r, w, c and d
apply only if they haven't been explicitly set on an ancestor resource, and
(ii) if 'overwrite inherited' is checked, then settings made here for those
rights apply whether or not set on an ancestor? And are 'allow' and 'deny'
treated equally in this respect, does an explicit denial not require
'overwrite inherited'?
Julie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20060917/2b94030c/attachment.htm>
More information about the opencms-dev
mailing list