[opencms-dev] Who are "All others" in relation to ACL?

Christoph Fröhlich cfauto at folge2.de
Fri Dec 14 08:47:52 CET 2012 

You didn't mention it, but I assume you added an Access Control Entry on folder fA for user uA to allow him to read fA?

Am 12.12.2012 um 14:00 schrieb Claus Priisholm <cpr at codedroids.com>:

> Ok, makes sense (and probably makes permission dialog much less verbose in some cases). What I am seeing makes less sense (or so it seems), but that may be because it does something that I don't expect when having a parent folder with sub-folders.
> 
> I have UserA belonging to GroupA and UserB belonging to GroupB.
> 
> I have a parent folder P and two sub-folders A and B, I want the general public to be denied to "read"  anything inside P,  UserA should be able to read A (and its contents)  but not B (and vice versa for UserB).
> 
> So far my attempts involving setting permissions for "All others" by removing +r+v (and setting "overwrite inherited" and "inherit to subfolders") from folder P all ends with e.g. UserA getting false back from cmsObject.existsResource(".../P/A"). It almost appears like it overrules the other permission settings (whether they be on folder P or one of the sub-folders, or both).
> 
> I can work around it, for my purpose, but maybe there is some speciel behaviour that escapes me when using "All others" and inherit to sub-folders.  
> 
> Brs
> Claus
> 
> 2012/12/12 Alexander Kandzior <alex at opencms.org>
> „All others“ in OpenCms ACLs means all other users that do not have explicit permissions set on that resource.
> 
>  
> 
> Use case example: You have settings for “Guests” (no permissions) and group “A” (full permissions) on a folder X. You also have multiple other groups (say B-Z). If you set “All other” on the folder X then this will not apply to “Guests” and “A”, because these have explicit permissions set on the folder, but for all other groups (B-Z).
> 
>  
> 
> Kind Regards,
> 
> Alex.
> 
> 
> -------------------
> 
> Alexander Kandzior
> 
>                                                              
> 
> Alkacon Software GmbH  - The OpenCms Experts                
> 
> http://www.alkacon.com - http://www.opencms.org                 
> 
>  
> 
>  
> 
> From: opencms-dev-bounces at opencms.org [mailto:opencms-dev-bounces at opencms.org] On Behalf Of Claus Priisholm
> Sent: Tuesday, December 11, 2012 6:15 PM
> To: The OpenCms mailing list
> Subject: [opencms-dev] Who are "All others" in relation to ACL?
> 
>  
> 
>  
> 
> Is it a new kind of "Guests" or just a kind of short cut? I am on 8.5.
> 
>  
> 
> From the UI: "Select to set permissions for users with no defined access control entry"
> 
> 
> 
> I have a couple of groups in a non-root org-unit (say A and B), they have access to a specific folder inside a parent folder (AFolder and BFolder) where +r+v is added for A and B. They do not have a parent group. 
> 
>  
> 
> When I remove +r+v from the "All others" on the parent folder (overwrite inherited, inherit to subfolders) then a user belonging to A-group  no longer can see the AFolder. So it seems that a user - who is member of a group - falls under the "All others" umbrella. Maybe that makes sense in that (at least in one attempt) there was no mention of the A-group on the parent-folder, so "all others" apply at that point in the folder hierarchy.
> 
>  
> 
> If the "All others" is removed from the parent folder then the A-group user can see the AFolder... but also the BFolder (as expected).
> 
>  
> 
> If the "All others" is removed from the parent folder but is set on the AFolder directly with +r+v removed as before, along side the added +r+v for the A-group, then  the A-group user can no longer see the AFolder. 
> 
>  
> 
> -- 
> Claus Priisholm
> 
> +45 48 22 46 46
> 
> cpr (you know what) codedroids.com
> 
>  
> 
> 
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev
> 
> 
> 
> 
> 
> 
> 
> -- 
> Claus Priisholm
> +45 48 22 46 46
> cpr (you know what) codedroids.com
> 
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev
> 
> 
> 

-------------------------------------------------
Christoph Fröhlich
Folge 3 GmbH
Stresemannstraße 161
22769 Hamburg

+49 +40  79 69 48 78
cf at folge3.de
http://www.folge3.de
-------------------------------------------------
Geschäftsführer: Christoph Fröhlich, Anja Künzel
Handelsregister: HRB 105806, Amtsgericht Hamburg 





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20121214/0028de53/attachment.htm>

More information about the opencms-dev mailing list