[opencms-dev] Who are "All others" in relation to ACL?

Claus Priisholm cpr at codedroids.com
Wed Dec 12 14:00:01 CET 2012 

Ok, makes sense (and probably makes permission dialog much less verbose in
some cases). What I am seeing makes less sense (or so it seems), but that
may be because it does something that I don't expect when having a parent
folder with sub-folders.

I have UserA belonging to GroupA and UserB belonging to GroupB.

I have a parent folder P and two sub-folders A and B, I want the general
public to be denied to "read"  anything inside P,  UserA should be able to
read A (and its contents)  but not B (and vice versa for UserB).

So far my attempts involving setting permissions for "All others" by
removing +r+v (and setting "overwrite inherited" and "inherit to
subfolders") from folder P all ends with e.g. UserA getting false back from
cmsObject.existsResource(".../P/A"). It almost appears like it overrules
the other permission settings (whether they be on folder P or one of the
sub-folders, or both).

I can work around it, for my purpose, but maybe there is some speciel
behaviour that escapes me when using "All others" and inherit to
sub-folders.

Brs
Claus

2012/12/12 Alexander Kandzior <alex at opencms.org>

> „All others“ in OpenCms ACLs means all other users that do not have
> explicit permissions set on that resource. ****
>
> ** **
>
> Use case example: You have settings for “Guests” (no permissions) and
> group “A” (full permissions) on a folder X. You also have multiple other
> groups (say B-Z). If you set “All other” on the folder X then this will not
> apply to “Guests” and “A”, because these have explicit permissions set on
> the folder, but for all other groups (B-Z). ****
>
> ** **
>
> Kind Regards,****
>
> Alex.****
>
> ****
>
> -------------------****
>
> Alexander Kandzior****
>
>                                                               ****
>
> Alkacon Software GmbH  - The OpenCms Experts                 ****
>
> http://www.alkacon.com - http://www.opencms.org                  ****
>
> ** **
>
> ** **
>
> *From:* opencms-dev-bounces at opencms.org [mailto:
> opencms-dev-bounces at opencms.org] *On Behalf Of *Claus Priisholm
> *Sent:* Tuesday, December 11, 2012 6:15 PM
> *To:* The OpenCms mailing list
> *Subject:* [opencms-dev] Who are "All others" in relation to ACL?****
>
> ** **
>
> ** **
>
> Is it a new kind of "Guests" or just a kind of short cut? I am on 8.5.****
>
> ** **
>
> From the UI: "Select to set permissions for users with no defined access
> control entry"****
>
>
> ****
>
> I have a couple of groups in a non-root org-unit (say A and B), they have
> access to a specific folder inside a parent folder (AFolder and BFolder)
> where +r+v is added for A and B. They do not have a parent group. ****
>
> ** **
>
> When I remove +r+v from the "All others" on the parent folder (overwrite
> inherited, inherit to subfolders) then a user belonging to A-group  no
> longer can see the AFolder. So it seems that a user - who is member of a
> group - falls under the "All others" umbrella. Maybe that makes sense in
> that (at least in one attempt) there was no mention of the A-group on the
> parent-folder, so "all others" apply at that point in the folder hierarchy.
> ****
>
> ** **
>
> If the "All others" is removed from the parent folder then the A-group
> user can see the AFolder... but also the BFolder (as expected).****
>
> ** **
>
> If the "All others" is removed from the parent folder but is set on the
> AFolder directly with +r+v removed as before, along side the added +r+v for
> the A-group, then  the A-group user can no longer see the AFolder. ****
>
> ** **
>
> --
> Claus Priisholm****
>
> +45 48 22 46 46****
>
> cpr (you know what) codedroids.com****
>
> ** **
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev
>
>
>
>
>


-- 
Claus Priisholm
+45 48 22 46 46
cpr (you know what) codedroids.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20121212/c0c9da2d/attachment.htm>

More information about the opencms-dev mailing list