[JIRA] Resolved: (NXP-913) as a temporary solution, remove members group belonging for user Administrator

[Thierry Delprat (JIRA NUXEO)]

Issue (View Online) Key: NXP-913 Issue Type: Improvement Status: Resolved Priority: Minor Resolution: Fixed Assignee: Thierry Delprat Reporter: Alain Escaffre Operations View all View comments View history as a temporary solution, remove members group belonging for user Administrator  Updated: 27/04/07 18:33   Created: 27/04/07 16:25   The following issue has been resolved as FIXED. Project: Nuxeo Enterprise Platform 5 Affects Versions: 5.1 M1 Fix Versions: 5.1 M2  Description    The problem is that if we do a refuse read on a folder for members group, Administrator user can't read it anymore. So to avoid this, two solutions :    *1, temporary : Administrator doesn't belong anymore to users        *2 the ace are all analysed, instead of stopping at the first ace that fits and there is a security rule at DOMAIN LEVEL that specify the algorithme between those two : first rule (the most common i think):                   - the user principal ace is the strongest                   - then if there is only group ace that fit, if there is one authorised the result is authorised                second rule (when security is very high):                  - the user principal ace is the strongest                   - then if there is only group ace that fit, if there is one refused the result is refused another technical solution would be to order the groups, but it is not functionnaly accetable (I don'tknowall the groups when i create mine) This message was automatically generated by Atlassian JIRA Enterprise Edition, Version: 3.7.2-186 - Bug/feature request. If you think it was sent incorrectly, contact one of this server's administrators.

_______________________________________________
ECM-tickets mailing list
ECM-tickets@lists.nuxeo.com
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets