http://issues.apache.org/bugzilla/show_bug.cgi?id=37403

           Summary: restricted access to admin-area doesn't work
           Product: Lenya
           Version: 1.2.4
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Default Publication
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


I wanted to create a user-group which has restricted access to the admin-area.
Each member of this group should be able to create other members but nothing 
more. 

Member: PCA_1
Group: PCA_Bereich1
role: testrole (id: testrole)

So I edited the subtree-policy.acml:
*********************************************
<?xml version="1.0" encoding="UTF-8"?>
<ac:policy xmlns:ac="http://apache.org/cocoon/lenya/ac/1.0" ssl="false">
  <ac:group id="PCA_Bereich1">
    <ac:role id="testrole"/>
  </ac:group>
  <ac:group id="admin">
    <ac:role id="admin"/>
  </ac:group>
</ac:policy>
*********************************************

and the usecase-policies.xml:
*********************************************
<?xml version="1.0"?>
<usecases xmlns="http://apache.org/cocoon/lenya/ac/1.0">
        <usecase id="create"><role id="edit"/></usecase>
        <usecase id="archive"><role id="edit"/></usecase>
        <usecase id="delete"><role id="edit"/></usecase>
        <usecase id="restore"><role id="edit"/></usecase>

        <usecase id="userChangeProfile"><role id="edit"/><role id="admin"/></usecase>
        <usecase id="userChangePasswordUser"><role id="edit"/></usecase>
        <usecase id="userChangePasswordAdmin"><role id="admin"/></usecase>
        <usecase id="userChangeGroups"><role id="admin"/></usecase>

        <usecase id="userAddUser"><role id="testrole"/></usecase>
</usecases>
*********************************************

Now the user "PCA_1", which is a member of the group "PCA_Bereich1" and has the
role "testrole", should only have the right to add a user.

The problem is that he has full access to the admin-area. He can add/delete
groups, delete users, change passwords...
