[opencms-dev] Advanced User Management

Marlen Jacob Marlen.Jacob at parship.de
Mon Oct 6 16:35:00 CEST 2008 

Hi everybody,

I'm asking for help for an advanced User Management.

Here is the current setup:

- sites
-- default
--- subfolder
---- folder a
----- folder a1
----- folder a2
---- folder b
----- folder b1
----- folder b2

In general I need for every folder three kinds of Users

Usertype A (Editor)
- who has access to eg. "folder a1" or "folder b2"
- is allowed to edit files in this folder
- who is NOT allowed to publish files
- all other folders are invisible

Usertye B (Manager)
- who has access to eg. "folder a1" or "folder b2"
- is allowed to edit files in this folder
- who is allowed to publish files in this folder
- all other folders are invisible

Usertye C (SuperManager)
- who has access to eg. "folder a1" AND "folder b2"
- is allowed to edit files in this folder
- who is allowed to publish all files
- all other folders are invisible


What I tried so far is:

for Usertype A (Editor):
- created an OrgUnit for Editors with "subfolder" as "Assigned Content" as recommended in the OpenCms 7 Book
- created in this OrgUnit a Group named "folder a1" and set "Project Co-Worker" true, no Parent Group
- created a User named "Editor Folder a1" in the OrgUnit and gave him the role "Workplace user"
- set Permissions for "folder a1" for "Group folder a1"
-- Direct Publish "denied"
-- Read "allowed"
-- Write "allowed"
-- Control "nothing"
-- View "allowed"
-- Responsible "nothing"
-- Overwrite inherited "allowed"
-- Inherit on subfolders "allowed"
- set for every other folder "view: denied" for Group "folder a1"

for Usertype B (Manager):
- created an OrgUnit for Managers with "subfolder" as "Assigned Content"
- created in this OrgUnit a Group named "folder a1" and set "Project Manager Group" true, no Parent Group
- created a User named "Manager Folder a1" in the OrgUnit and gave him the roles "Workplace user" and "Project manager"
- set Permissions for "folder a1" for "Group folder a1"
-- Direct Publish "allowed"
-- Read "allowed"
-- Write "allowed"
-- Control "nothing"
-- View "allowed"
-- Responsible "nothing"
-- Overwrite inherited "allowed"
-- Inherit on subfolders "allowed"
- set for every other folder "view: denied" for Group "folder a1"

I didn't made it to create a SuperManganger User, because what happend is:

There is no difference for "Editor Folder a1" and "Manager Folder a1". :/ Both are allowed to publish the site and to direct publish certain files.
This is my guess: it's because both are by default in the Group "User" of their OrgUnit - and this group is allowed to publish. What I want is, that both Usertypes are NOT allowed to publish in general. But if I take them out of this Group they lose their "Workplace user" role. If I give them this role back - the're in the "User" Group again.

What did I do wrong? How can I regulate the permission for the "publish project" and for "direct publish".
Or is there any other idea to configure this user setup? I'm open to every creative idea. ;)

Thanks a lot in advance!

Maj

PS: I promise, when I made it i'll write a tutorial about this, because this is missing a lot!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20081006/ecc854dd/attachment.htm>

More information about the opencms-dev mailing list