On 6 Jul 2010, at 10:15, Alexander Klimetschek wrote:
> On Tue, Jul 6, 2010 at 11:13, Alexander Klimetschek <aklim...@day.com> wrote:
>> On Tue, Jul 6, 2010 at 10:21, Ian Boston <i...@tfd.co.uk> wrote:
>>> A follow up on this, low level permissions wont work since they cant
>>> discriminate between list children and get child.
>>
>> Rereading your original mail now, I note that I didn't see that you
>> still want the sub nodes to be accessible. Then my answer is no
>> solution, of course ;-)
>
> Actually principal-based access controls make my suggestion simpler to
> setup, especially the second point:
We still have the list all children problem here.
The data protection policy that is driving this is that, we have 50K users, all
with user ID's we have to prevent anyone from getting a list of the user ID's,
but still allow someone who knows the user ID to access the content. Its the
same as the UserDir module in Apache httpd ie /~ieb
>
>> - /_user and /_user/ieb are readable for anonymous, the other children
>> of /_user are denied
>> - if "ieb" is a user-specific path, you have to authenticate users and
>> work with specific users instead of anonymous
>
> Regards,
> Alex
>
> --
> Alexander Klimetschek
> alexander.klimetsc...@day.com
