Hi all - I have a question concerning roles and permissions. I have two portlets that have <security role="user" />. I have two people signed up in the system, one with "admin" and "user" roles, and one with just a "user" role. I took away maximize permissions from the user role. Now, I can add the two portlets with <security role="user" /> to each person's portal. However, the administrator has maximize permission, so something can happen to the portlet that I never intended, i.e. to maximize it. I try to express this intention by assigning the portlet the <security role="user" /> since this role does not have maximize permission assigned. So there seems to not be a way to enforce which permissions should be applied to which portlets. If a user has more than one role the maximum amount of permissions that can be applied to the user is applied, based on the permissions allowed to the roles.
The permission system is perfectly internally consistent, but is this intended? How does one enforce which permissions can be put on which portlets? Josh Hone Florida State University Physics Dept. _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
