Scott, > When adding a portlet through the customizer, it's security ref > is set to the " services.PortalToolkit.default.user.security.ref" > value in JS.props. > > Is this correct? > > I can see this for portlet sets but not for individual portlets > that may have tighter restriction set at the registry level. I > vote that this logic be removed as it can give a user more access > then what was intended. >
I see your point. The default user security ref is 'owner-only' so if registry-level security for a portlet is more restrictive, 'owner-only' would override it. I still think that default security ref is a useful feature. My vote would be to not set default security ref if registry-level constraint exists. Can you open a Bugzilla issue for this so we can track this change? Best regards, Mark Orciuch - [EMAIL PROTECTED] Jakarta Jetspeed - Enterprise Portal in Java http://jakarta.apache.org/jetspeed/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
