Hi! >> Your initial description was refering to groups, I think. >> They are not roles. A role can be applied to a group, >> however. >> >> > but, in fact, we don't have groups, we have roles. >> >> Then the fire role does not work as it refers to groups. > > After considering the whole issue, we have concluded that, in our > case, the easiest solution is to add the action viewrestrcoll with the > list of collections we want to restrict, for each of the roles we > already have (half a dozen).
This is a clean way. I understood indeed that you have a group structure in Invenio e.g. by external auth or users generating some groups themselves. > When testing it we have been bitten again by the fact that those > permissions are effective only after running webcoll. Acutally, I found that 1.1 series applies restrictions much faster than former versions. Ie. stuff is most likely restricted until something happens. -- Kind regards, Alexander Wagner Deutsches Elektronen-Synchrotron DESY Library and Documentation Building 01d Room OG1.444 Notkestr. 85 22607 Hamburg phone: +49-40-8998-1758 fax: +49-40-8994-1758 e-mail: [email protected]
