[jira] [Commented] (CONNECTORS-886) Add support for Parent folder security

Mon, 10 Feb 2014 00:20:08 -0800 

    [ 
https://issues.apache.org/jira/browse/CONNECTORS-886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13896304#comment-13896304
 ] 

Karl Wright commented on CONNECTORS-886:
----------------------------------------

Hi Abe-san,

I hope you had a good weekend.

I bet you are working now to revise the patch.  Before you do, though, I think 
it is a good idea to explain what SMB (and by extension, Windows) supports in 
this area.  The big question in my mind is whether the Windows model for 
security for a document \\share\x\y\z is either A or B below:

A:

<share acls for "share">
<document acls for "\\share\x\y\z">
<folder acls for "\\share\x">
<folder acls for "\\share\x\y">

or B:

<share acls for "share">
<document acls for "\\share\x\y\z">
<"parent" acls for "\\share\x\y", which include all parent levels folded 
together>

If B, your original solution is the most correct.  So this is important to know.

Thanks,
Karl


> Add support for Parent folder security
> --------------------------------------
>
>                 Key: CONNECTORS-886
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-886
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: JCIFS connector, Solr-4.x-component
>            Reporter: Shinichiro Abe
>             Fix For: ManifoldCF 1.6
>
>         Attachments: CONNECTORS-886-forSolrPlugin.patch, CONNECTORS-886.patch
>
>
> Windows server checks the access permission of a share folder and the 
> security permission of a file document when we access a file via network.
> As far as I look into that, Windows does not take subfolder's security 
> permissions into account.
> There is a case that someone who is admin wants to configure 'Everyone' for 
> 'share folders' and configure each access permissions for 'sub folders'.
> E.g. \\ShareFolder\Admin --> Admin folder for administrative user,  
> \\ShareFolder\Sales  --> Sales folder for sales user.
> The users put files in 'sub folders', then the permission of these files will 
> be inherited from the permission of 'sub folders'.
> I'd like to support access permissions for 'sub folders' in jcifs/solr 
> connector.
> In general, we expect file's permission to be inherited from parent folder.
> So I want to manage parent's security by providing new [allow|deny]_token 
> fields.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to