> On 03.05.2016 at 14:35, mattm <[email protected]> wrote:
> 
>> I have done:
>> - create group Test
>> - insert user1 in Test
>> - create Role Tmp
>>      - add get_overrides permission
>>      - add New Super Permission for Group Test
>> - create user2 with role Tmp AND Observer
>> - login as user2 and see everything from user1 with the Permissions of Observer
>> - change the second Role of user2 to Guest and you see only the Overrides
>> 
>> So it’s not the desired behavior?
> 
> This sounds like intended behaviour.  Super given to role Tmp on group Test
> gives role Tmp access to everything of the members of group Test.  So user2
> gets access to all of user1, because user1 is in group Test.

Ok, but it would be very nice if the super permissions were limited to the 
permissions of that one Role and not to every Permission the User has. If a 
team leader or other team member should have read access to all the Tasks but 
not write/execute permissions, that would be the easiest way to implement. 
Otherwise you have to manually add every group/role/user to a new task/override…
Maybe it's something to think about.

> Changing the role of user2 to Guest removes this access.  Not sure why
> user2 sees the overrides when given Guest.  Perhaps you shared them
> directly with user2.

That's because the Role Tmp has the get_overrides permission and expands the 
Guest permissions.

Thanks,
René
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
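
The difference between the behaviour discussed in this thread and the role-scoped variant suggested in the reply, as a toy Python model added here (not OpenVAS code and not written by either poster). The contents of the Observer, Guest and User roles and the resource list are constructed assumptions.

```python
# Toy model only. Role command sets are constructed for illustration.
ROLE_COMMANDS = {
    "Tmp": {"get_overrides"},                                   # from the thread
    "Observer": {"get_tasks", "get_reports", "get_overrides"},  # assumed read-only set
    "Guest": set(),                                             # assumed: nothing relevant here
    "User": {"get_tasks", "modify_task", "start_task"},         # assumed write-capable set
}
COMMAND_TYPE = {
    "get_tasks": "task", "modify_task": "task", "start_task": "task",
    "get_reports": "report", "get_overrides": "override",
}
GROUPS = {"Test": {"user1"}}
SUPER_ON_GROUP = {"Tmp": {"Test"}}  # role -> groups it holds Super on
RESOURCES = [("task", "user1"), ("report", "user1"), ("override", "user1")]  # constructed


def super_owners(roles):
    """Users whose resources come into scope through Super held by any of the roles."""
    owners = set()
    for role in roles:
        for group in SUPER_ON_GROUP.get(role, ()):
            owners |= GROUPS[group]
    return owners


def _allowed(commands, owners):
    types_in_scope = {rtype for rtype, owner in RESOURCES if owner in owners}
    return {(c, COMMAND_TYPE[c]) for c in commands if COMMAND_TYPE[c] in types_in_scope}


def access_observed(roles):
    """Thread behaviour: Super widens scope, commands are the union of all roles."""
    commands = set().union(*(ROLE_COMMANDS[r] for r in roles))
    return sorted(_allowed(commands, super_owners(roles)))


def access_role_scoped(roles):
    """Suggested variant: only the commands of the role that holds Super apply."""
    allowed = set()
    for role in roles:
        allowed |= _allowed(ROLE_COMMANDS[role], super_owners([role]))
    return sorted(allowed)


if __name__ == "__main__":
    for combo in (["Tmp", "Observer"], ["Tmp", "Guest"], ["Tmp", "User"]):
        print(combo, access_observed(combo), access_role_scoped(combo))
```

When reviewing a deployment, the combination to look for is any role holding Super together with a second role that carries write or execute commands, since under the observed behaviour those commands extend to every group member's resources.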