Here is what I understand about "overriding the recursing permissions" (I am only using roles): for a given directory, if one overrides the read permission, i.e for at least one role, the read permission is redefined for all the roles (get it if explicitly selected / lose it if explicitly not selected). And also the write and manage permissions are redefined, even if their selection lists are not modified. It that right ? (anyway it is not so obvious for me - lots of tests to look over those grantings). The following tests have been done.
Well first this does not seem applicable to "admin" user : it keeps all the rights whatever I give or not to Administrators role. OK, I keep it apart. So I create "myAdmin" with the "Administrators" role. Here is what I got with "myAdmin" and the other users and directory we use in the previous posts (users with the same name as the role for each "myRole" and "myRole2") : - All the roles have the read permission on "/" excepted "anonymous" and "users", and "Administrators" have the write and manage permissions. - I redefined the read permission of "/default" : only "anonymous" and "users" have it this is OK, "myRole", "myRole2", "mySupervisor" and "myAdmin" have no more access to "default" neither to /default/index.html on the home page . | And they have always access to "/MyTopDirectory". | Anonymous and users have access to /default/index.html (what does happen if a user has "myRole" and "users" ?.... See that another time, above all on the directories access while using the CMS). - I redefined the write permission on "/MyTopDirectory" to give it to "mySupervisor" (the one that has to organize this directory) This is not OK because | 1) "access denied" exception happens to "mySupervisor" when trying "create folder" or "upload file" <<<< this is a big problem (1) | 2) "myRole", "myRole2" and "myAdmin" has no more read access to "/MyTopDirectory". | "myAdmin" cannot any more "create folder" in "/" : "java.lang.Exception: Not a valid basePath null". | But it works if there is another directory it has access (in the first test, there was no more accessible directory) <<<< this is (?) a small problem - I redefined the read permissions on "/MyTopDirectory" to give it to "myRole" and "myRole2", and the manage permission to "Administrators" 1) "myRole" and "myRole2" did not get the read permission <<<<< this is a big problem (2) | 2) "myAdmin" got the manage permission and the write permission Please tell me if I can do something to give write access to "/MyTopDirectory" for "mySupervisor" (cf. (1)) and read access to "/MyTopDirectory" for "myRole" and "myRole2" (cf. (2)). Thanks a lot. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4116498#4116498 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4116498 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
