Thanks for the help. I attempted to follow your instructions for a mandatory KSC and
Help Tab but ran into some problems:
In my security.xreg file I added the following entry:
<security-entry name="user-view_km-control">
<meta-info>
<title>User+V and KM+C</title>
<description>Mandatory Tab and Portlets Security Entry</description>
</meta-info>
<access action="*">
<allow-if role="KM"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:type="java:org.apache.jetspeed.om.registry.base.BaseSecurityAllow"/>
</access>
<access action="view">
<allow-if role="user"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:type="java:org.apache.jetspeed.om.registry.base.BaseSecurityAllow"/>
</access>
</security-entry>
I suspect the above is incorrect. You mentioned below to add a security group called
KM (which I did) but then refer to KM as a role ??? I think I am confused with your
instruction -
create a security ID using the Security Browser called
user-view_km-control with the perms: View Role User, * Role KM
What is wrong here?
[EMAIL PROTECTED]
Internet Business Manager
Computing Systems Services Branch
Information Technology Directorate
IT-D3-A / CIF 394B
Kennedy Space Center, FL 32899
(W) 321-861-2207 (F) 321-867-7133
-----Original Message-----
From: Fletcher, Boyd C. J9C534 [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 10:31 PM
To: Jetspeed Users List
Subject: RE: Mandatory Tab / Portlets
yep. there are two ways to do it that we have found:
1) use role merging - problem with role merging is that if you change
the KSC pane you will run into problems since the role merging is only
done on initial account login. With some creative use of references you
can sorta alleviate problem but then you have problems with the top
level panes being updated (i.e. if you want to add a new mandatory top
level pane, etc...)
2) use references and some extra accounts
We choose option two. The following is a description of the process.
For example, HQ is the select pane. it consists of sub panes that are
mandatory. The only pane a user can change is MyArea
__HQ__ | Helpdesk | MyArea
Home | Ops | Plans | Logistics
We create a the following users for each pane
HQ = _hq
Home = _hq_home
Ops = _hq_ops
Plans = _hq_plans
Logistics = _hq_logistics
Helpdesk = _helpdesk
no user is created for MyArea since that is owned by the user.
create a security group called KM
create a security ID using the Security Browser called
user-view_km-control with the perms: View Role User, * Role KM
add all the _* users to the KM group
Then, we create a new user called _newuser than "owns" the top level
page.
Each pane is created as a reference so the _newuser and _hq users need
to be in the Jetspeed Admin role so they can use the Add Reference
function.
login as each _hq_* and _helpdesk user and create a page for them. make
sure the page and portlet perms are set to user-view_km-control
login as _hq and create a menu pane, and add references to the _hq_*
users' panes.
login as _newuser and add a menu pane and then add references to _HQ,
_Helpdesk, and create a MyArea pane for the user with the "Owner"
permssion set. _HQ and _Helpdesk should have the user-view_km-control
perm set.
login as turbine and delete everything and create a reference to the
_newuser psml file.
then if you have your users inherit turbine's config on login you should
be good to go. The user can edit the MyArea but nothing else. If you
chane any pane the contents are updated for each affected user as soon
as the page is reloaded/redisplayed.
I can send you copy of our .psml files if you are interested.
boyd
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
