[ccnet-user] Re: Weird behavior with CC 1.5 Security

Tue, 23 Mar 2010 18:30:38 -0700 

hi bbaltz,

I think the problem lies in the "defaults" tag in "internalSecurity".
I suggest you to remove the defaults tag and include the security for
each project in the project tag. So that we have more control over
which projects have access to whom including what they can do. Below
is an example of how I used security in one of my projects.

<security type="defaultProjectSecurity" defaultRight="Deny">
      <permissions>
          <rolePermission name="Developers" ref="Developers"
forceBuild="Allow"/>
      </permissions>
    </security>

Let me know if this fixed your issue.

Thanks,
Sriram.

bbaltz wrote:
> I have a couple projects configured on my CCnet 1.5 RC server. One is
> open for all to build. The other is only viewable and build-able by
> certain users in my Windows domain. The weird thing is that when one
> of the authenticated users logs in, the "secure" project then appears
> viewable by everyone. In addition, those unauthorized users can start/
> stop the secure project and the audit log shows the authenticated user
> as doing those events. I believe it's just a configuration error as I
> haven't seen anyone else mention it. Any glaring issues with my
> config? I had a hard time allowing unauthenticated users to be able to
> view and build the unsecure project initially.
>
>   <internalSecurity>
>     <audit>
>       <xmlFileAudit location="$(ccroot)\Logs\CCNet_Audit.xml"/>
>     </audit>
>     <auditReader type="xmlFileAuditReader" location="$(ccroot)\Logs
> \CCNet_Audit.xml"/>
>     <users>
>       <ldapUser name="*" domain="bunko.com"/>
>     </users>
>     <cache type="inMemoryCache" duration="120" mode="sliding" />
>     <permissions>
>       <rolePermission name="admin" defaultRight="Allow">
>         <users>
>           <userName name="bob"/>
>           <userName name="joe"/>
>         </users>
>       </rolePermission>
>     </permissions>
>     <defaults forceBuild="Allow" startProject="Allow"
> viewProject="Allow" viewConfiguration="Allow" defaultRight="Deny"></
> defaults>
>   </internalSecurity>
> ...
> <project name="open_to_everyone_project">
>    ...
>       <security type="defaultProjectSecurity" guest="*" >
>       </security>
> </project>
>
> <project name="secure_project">
> ...
>       <security type="defaultProjectSecurity" defaultRight="Deny"
> guest="">
>         <permissions>
>           <rolePermission name="admin" ref="admin"/>
>         </permissions>
>       </security>
> </project>
>
> Thanks.
> Brian

To unsubscribe from this group, send email to 
ccnet-user+unsubscribegooglegroups.com or reply to this email with the words 
"REMOVE ME" as the subject.

Reply via email to