Similar to Jan Phillip, we have a small setup where we give permissions
to groups and then I can add or remove users from the groups fairly easily.
On 4/6/2011 4:54 AM, Keith Edmunds wrote:
We have a customer with a large public folder hierarchy. They occasionally
make requests to have the public folder ACLs changed; for example: "please
give user X access to all public folders" (that's nearly 1700 folders).
Worse: "please give user Y access to all sales folders" (there are 1450
sales folders).
So on all your sales folders, you have a few groups:
sales-full-access
sales-read-only
everything-full-access
everything-read-only
Your user X, you would maybe put in the "everything-full-access" group.
User Y would get added to the "sales-full-access" group.
The problem is that there are (naturally) spaces in the folder names,
which makes command line manipulation challenging. We've ended up with
some astonishingly hacky Python scripts that enter each folder starting
with (for example) ".sales" and replacing the dovecot-acl file to try to
fulfil the above requests. One day our script are going to get it wrong,
or requests will become more complex ("give X access all sales/CustA
folders, Y access to all sales/CustB folders, and Z access to all sales
folders). There must be a Better Way.
This part gets a little trickier, but you could still do it with groups.
How do others manage divergent ACLs within large public folder hierarchies?
Again, we have a small setup -- nothing so large as yours... so even my
suggestions may not be the best for you.
Thanks,
Keith
