Since 1.4b4 contains quitte some bugs that have been fixed, I recommend switching to 1.4 final while waiting for 1.5...
-Stijn ----- Original Message ----- From: "Archana Turaga" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, February 17, 2004 8:42 PM Subject: Re: Security questions Thanks for the info. Although i think this is not valid in 1.4b4 which is what i'm using. Based on the e-mail that you sent today it seems as if this information is incorporated into 1.5. But 1.5 is not a official release yet...i hope it becomes official pretty soon. In that case if we are using 1.4b4 we can live with having roles and users and never use groups(which do not seem to have a meaning in 1.4b4). Thanks again for your response. Helped me at least visualise what is possible, Regards, Archana >>> [EMAIL PROTECTED] 02/16/04 12:35AM >>> On Saturday, February 14, 2004, at 05:44 PM, Archana Turaga wrote: > Hi, > The following questions: > > 1. What is the purpose of groups in jetspeed? Just like Role-based > PSML is there group-based PSML? > Groups represent a collection of users much in the same way groups are used in operating systems. Thus you can 'group' collections of users together in order to apply security constraints to those users. For example, you could create a constraint that granted view and customize access to all users in group 'A', but only view access to group 'B' Try playing around with the Security Browser portlet to get a feel for how security constraints apply to groups, users and rules. Also take a look at the authorization (AccessControl) API in Jetspeed Security. There are APIs for granting and revoking roles to users, and for users joining and removing from groups. Also, there are APIs fro granting and revoking roles in the context of a group. This is because Jetspeed tries to be flexible in its security model. We support a user having different roles when they are in a different groups. A use case would be "Anne is the Project manager in Group A (which could be a project), but she is Chief Engineer in Group B (another project) Thus groups could abstractly represent "projects" or "domains", or just organizational groups. Speaking of organizations, in J2 we plan to support hierarchies of roles and groups. If you don't need roles inside of groups, we have the global group concept. The 'Jetspeed' is the global group, as reflected in the API. This gives the possibility of organizing your security model with disjoint (no) associations between roles and groups. > 2. What is really the meaning of owner-only security permission? > This means that only the owner is granted access to a resource. For example, a portlet on a page could be restricted to only the owner customizing the portlet. > 3. Is it possible to do Role-based PSML for a particular role? Suppose > i want to have a set of users under the Role "Operator" to have > role-based PSML and the users under "Admin" user-based PSML (if this > is a vaild term)? Yes, your scenario is possible. Jetspeed first looks under the user-based PSML, if it fails to find a PSML page for the user, it when then look under the (first) role. > > Trying to get these terms cleared so that i can come up with a clear > security model for a project. > > Thanks for your time and patience. > > Regards, > Archana > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- David Sean Taylor Bluesunrise Software [EMAIL PROTECTED] [office] +01 707 773-4646 [mobile] +01 707 529 9194 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
