<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Verdana size=2><SPAN class=590003805-17092006>I'd be grateful
for some quick help in understanding the OpenCms security model, which is
surprisingly poorly documented given its significance.</SPAN></FONT></DIV>
<DIV><FONT face=Verdana size=2><SPAN
class=590003805-17092006></SPAN></FONT> </DIV>
<DIV><FONT face=Verdana size=2><SPAN class=590003805-17092006>1. If I
deactivate the 'Guests' group, and even the 'Guest' user as well, I can still
browse my OpenCms site when not logged in. Of course, I'm only doing this
to experiment with OpenCms security - but could someone tell me why this is
possible? Is it a bug or am I missing something?</SPAN></FONT></DIV>
<DIV><FONT face=Verdana size=2><SPAN
class=590003805-17092006></SPAN></FONT> </DIV>
<DIV><FONT><SPAN class=590003805-17092006><FONT face=Verdana size=2>2.
What right does the abbreviation 'l' (for 'lima') correspond to? For all
groups and users in a default installation and for any resource, 'l' is shown
preceded by the negative sign... but what is it? As an example, the
Administrators group's rights for a resource are given as
+r+w+v+c+d-l.</FONT></SPAN></FONT></DIV>
<DIV><FONT face=Verdana size=2><SPAN
class=590003805-17092006></SPAN></FONT> </DIV>
<DIV><FONT face=Verdana size=2><SPAN class=590003805-17092006>3. What is
the difference between 'read' and 'view'? Is it that 'read' corresponds to
reading a resource's contents, and 'view' just to seeing that the resource
exists (and presumably reading its properties)?</SPAN></FONT></DIV>
<DIV><FONT face=Verdana size=2><SPAN
class=590003805-17092006></SPAN></FONT> </DIV>
<DIV><FONT face=Verdana size=2><SPAN class=590003805-17092006>4. When
adding resource permissions on a resource, it is possible to explicitly allow or
deny various rights (read, write, control and direct publish). There is
also an 'overwrite inherited' checkbox. Does this mean that (i) without
'overwrite inherited', settings made here for r, w, c and d apply only if
they haven't been explicitly set on an ancestor resource, and (ii) if 'overwrite
inherited' is checked, then settings made here for those rights apply whether or
not set on an ancestor? And are 'allow' and 'deny' treated equally in this
respect, does an explicit denial not require 'overwrite
inherited'?</SPAN></FONT></DIV>
<DIV><FONT face=Verdana size=2><SPAN
class=590003805-17092006></SPAN></FONT> </DIV>
<DIV><FONT face=Verdana size=2><SPAN
class=590003805-17092006>Julie</SPAN></FONT></DIV></BODY></HTML>