<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=DE link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-GB
style='font-size:12.0pt'>Hi everybody,<br>
<br>
I'm asking for help for an advanced User Management.<br>
<br>
Here is the current setup:<br>
<br>
- sites<br>
-- default<br>
--- subfolder<br>
---- folder a<br>
----- folder a1<br>
----- folder a2<br>
---- folder b<br>
----- folder b1<br>
----- folder b2<br>
<br>
In general I need for every folder three kinds of Users<br>
<br>
Usertype A (Editor)<br>
- who has access to eg. "folder a1" or "folder b2"<br>
- is allowed to edit files in this folder<br>
- <b><span style='font-weight:bold'>who is NOT allowed to publish files</span></b><br>
- all other folders are invisible<br>
<br>
Usertye B (Manager)<br>
- who has access to eg. "folder a1" or "folder b2"<br>
- is allowed to edit files in this folder<br>
- <b><span style='font-weight:bold'>who is allowed to publish files in this
folder</span></b><br>
- all other folders are invisible<br>
<br>
Usertye C (SuperManager)<br>
- who has access to eg. "folder a1" <b><span style='font-weight:bold'>AND</span></b>
"folder b2"<br>
- is allowed to edit files in this folder<br>
- <b><span style='font-weight:bold'>who is allowed to publish all files</span></b><br>
- all other folders are invisible<br>
<br>
<br>
What I tried so far is:<br>
<br>
<b><span style='font-weight:bold'>for Usertype A (Editor):</span></b><br>
- created an OrgUnit for Editors with "subfolder" as "Assigned
Content" as recommended in the OpenCms 7 Book <br>
- created in this OrgUnit a Group named "folder a1" and set
"Project Co-Worker" true, no Parent Group<br>
- created a User named "Editor Folder a1" in the OrgUnit and gave him
the role "Workplace user"<br>
- set Permissions for "folder a1" for "Group folder a1"<br>
-- Direct Publish <b><span style='font-weight:bold'>"denied"</span></b><br>
-- Read "allowed"<br>
-- Write "allowed"<br>
-- Control "nothing"<br>
-- View "allowed"<br>
-- Responsible "nothing"<br>
-- Overwrite inherited "allowed"<br>
-- Inherit on subfolders "allowed"<br>
- set for every other folder "view: denied" for Group "folder
a1"<br>
<br>
<b><span style='font-weight:bold'>for Usertype B (Manager):</span></b><br>
- created an OrgUnit for Managers with "subfolder" as "Assigned
Content"<br>
- created in this OrgUnit a Group named "folder a1" and set
"Project Manager Group" true, no Parent Group<br>
- created a User named "Manager Folder a1" in the OrgUnit and gave
him the roles <b><span style='font-weight:bold'>"Workplace user"</span></b>
and <b><span style='font-weight:bold'>"Project manager"</span></b><br>
- set Permissions for "folder a1" for "Group folder a1"<br>
-- Direct Publish <b><span style='font-weight:bold'>"allowed"</span></b><br>
-- Read "allowed"<br>
-- Write "allowed"<br>
-- Control "nothing"<br>
-- View "allowed"<br>
-- Responsible "nothing"<br>
-- Overwrite inherited "allowed"<br>
-- Inherit on subfolders "allowed"<br>
- set for every other folder "view: denied" for Group "folder
a1"<br>
<br>
I didn't made it to create a SuperManganger User, because what happend is:<br>
<br>
There is no difference for "Editor Folder a1" and "Manager
Folder a1". :/ Both are allowed to publish the site and to direct publish
certain files.<br>
This is my guess: it's because both are by default in the Group
"User" of their OrgUnit - and this group is allowed to publish. What
I want is, that both Usertypes <b><span style='font-weight:bold'>are NOT
allowed to publish in general.</span></b> But if I take them out of this Group
they lose their "Workplace user" role. If I give them this role back
- the're in the "User" Group again.<br>
<br>
What did I do wrong? How can I regulate the permission for the "publish
project" and for "direct publish".<br>
Or is there any other idea to configure this user setup? I'm open to every
creative idea. ;)<br>
<br>
Thanks a lot in advance!<br>
<br>
Maj <br>
<br>
PS: I promise, when I made it i'll write a tutorial about this, because this is
missing a lot!</span></font><font size=2 face=Arial><span lang=EN-GB
style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
</div>
</body>
</html>