James - I believe that someone can alter their security-id since it is a parameter for the portlet. what you need to do is attach a security role to the security-id that would not allow a user to have the ability to customize that aspect of their portlet.
For example, other parameters such as TimeToLive can be seen by any user as long as there is not security restriction on the parameter. Once you place a security restriction on the parameter, a user must fit that profile to change it. This is the way things were in the last release, maybe someone can chime in with their experience? Josh >From: "Locum, James" <[EMAIL PROTECTED]> >Reply-To: "Jetspeed Users List" <[EMAIL PROTECTED]> >To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> >Subject: Setting security-id for portlet sets. >Date: Thu, 29 Aug 2002 10:19:57 -0400 > >I am thinking of implementing a portal such that a user will have no >customize ability for a project's main portal page. In addition to this >main page, a "user" pane will also be available (tab-pane) which will have >full customization. I've been able to set up the security ref's and .psml >docs to reflect this. The problem that I don't know how to fix is that the >user has the ability to change the security-id for his "user" pane to a >value that effectively removes his ability to customize or even view the >pane. > >I can change the customizer-portletset-layout.vm template to restrict this >behavior. Is this an unforeseen bug, or am I missing some configuration >know-how? Is anybody else working on this? > >Thanks for any replies. > >Jim Locum >ACS > >-- >To unsubscribe, e-mail: ><mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: ><mailto:[EMAIL PROTECTED]> _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
