[
https://issues.apache.org/jira/browse/CONNECTORS-886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13895572#comment-13895572
]
Karl Wright commented on CONNECTORS-886:
----------------------------------------
Hi Abe-san,
Here's what I am thinking. First, if Windows only ever has one set of
additional parent acls, then having a dedicated "parent" set of ACLs makes
sense. But if Windows uses a set of ACLs for each directory level in the
hierarchy, then we should try to use the current system.
The Solr plugins need to either implement just the one "parent" set (so there
are three clauses rather than two), or if we use the "directory" abstraction
instead, then we have 2+N clauses, where N is some value supplied by
configuration of the plugin. That would include "share", "file",
"directory_0", "directory_1", etc.
I don't think it is necessary to be able to turn on or off individual sets of
ACLs in the Solr plugins, other than to provide a limit as described. If no
acls are provided for a set, then the clause for the set should simply not be
generated. This is how "share" acls work now; most connectors do not supply
them at all.
What do you think?
> Add support for Parent folder security
> --------------------------------------
>
> Key: CONNECTORS-886
> URL: https://issues.apache.org/jira/browse/CONNECTORS-886
> Project: ManifoldCF
> Issue Type: Improvement
> Components: JCIFS connector, Solr-4.x-component
> Reporter: Shinichiro Abe
> Fix For: ManifoldCF 1.6
>
> Attachments: CONNECTORS-886-forSolrPlugin.patch, CONNECTORS-886.patch
>
>
> Windows server checks the access permission of a share folder and the
> security permission of a file document when we access a file via network.
> As far as I look into that, Windows does not take subfolder's security
> permissions into account.
> There is a case that someone who is admin wants to configure 'Everyone' for
> 'share folders' and configure each access permissions for 'sub folders'.
> E.g. \\ShareFolder\Admin --> Admin folder for administrative user,
> \\ShareFolder\Sales --> Sales folder for sales user.
> The users put files in 'sub folders', then the permission of these files will
> be inherited from the permission of 'sub folders'.
> I'd like to support access permissions for 'sub folders' in jcifs/solr
> connector.
> In general, we expect file's permission to be inherited from parent folder.
> So I want to manage parent's security by providing new [allow|deny]_token
> fields.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
