Hi Joakim, thanks for your answer. If there were users with less permission than guest, that would be alright for me. What I meant is, that even if I make the new user "Repository Observer" he is still not able to browse the WebDAV repository. I revoked "Repository Observer" from Guest becuase I do not want guests to be able to browse or upload to repositories. Do I have to validate a new user?
Thanks, Markus Joakim Erdfelt wrote: > This is a confusing mess of roles ATM. > > You just pointed out a flaw in the design of the security. > > The roles that the Guest user has are not copied (or linked) to new users. > > It is quite possible for new users to have *LESS* permission than a > guest (anonymous) user! > > I just discussed this with my partner in security crime, Jesse > McConnell, and we are working on a solution to this oversight. > > - Joakim Erdfelt > > Markus Reil wrote: >> Hi, >> >> I built archiva from trunk rev. 521889. >> If I assign the role Repository Observer to Guest I can access the >> repository but I a newly created user. >> The user I created does not have the "Validated" flag set in the User >> Management page. Is that the reason? >> Then how can I validate the user? Is an E-Mail confirmation needed? >> Unfortunately I am not able to send E-Mail from my server. >> >> Thanks in advance for any help. >> >> Best Regards, >> Markus >> >> > >
