Here is a sample node tree.  Permissions are listed in square brackets.
Notice that /files/eric/resources/folder1/folder2/folder3 is granted
/actions/read to /users/eric-groups/egg only.  When I call
security.checkPermission(folder3, frank, read), why isn't
AllowedDeniedException thrown?

Root : / [(/-root-/actions-true) ]
Child : /users []
Child : /users/root []
Child : /users/eric []
Child : /users/eric-users []
Child : /users/eric-users/frank []
Child : /users/eric-users/eggYoug []
Child : /users/eric-groups []
Child : /users/eric-groups/egg []
Child : /users/eric-groups/egg/eggYoug []
Child : /actions []
Child : /actions/read []
Child : /actions/write []
Child : /actions/manage []
Child : /files []
Child : /files/eric [(/files/eric-/users/eric-/actions-true) ]
Child : /files/eric/resources []
Child : /files/eric/resources/folder1 []
Child : /files/eric/resources/folder1/folder2 []
Child : /files/eric/resources/folder1/folder2/folder3 [(/files/eric/resources/folder1/folder2/folder3-+/users/eric-groups/egg-/actions/read-false) ]
Child : /files/eric/resources/folder1/folder2/folder3/file3.txt []
Child : /files/eric/resources/folder1/folder2/file2.txt []
Child : /files/eric/resources/folder1/file1.txt []
Closing data sources
java.lang.AssertionError: frank should not be allowed to access folder3
        at Test.main(Test.java:88)



--
Willie Vu
 


> -----Original Message-----
> From: Willie Vu [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, January 23, 2003 11:19
> To: [EMAIL PROTECTED]
> Subject: Question on permission setting
> 
> 
> I want to set up permissions so that:
> 
> 1. Each user (say John) has his own /files/<user name> 
> directory.  Only he and root have write permission.
> 2. John is allowed to grant read permission to other users (say Mary).
> 3. The number of users who can share directories is dynamic.
> So, new users (Joe, Peter) will be created after permissions 
> are set up.
> 
> The namespace looks like this:
> 
> /
> - files
>  -- john (root and john have read/write permission; mary has read permission)
> - users
>  -- root
>  -- john
>  -- mary
> 
> More users will be created in the future.  I want to make 
> sure no new users have read permission to /files/john.  So, I 
> tried adding a negative permission to /files/john, i.e. 
> (/files/john, /users, /actions/read, negative).  The problem 
> is that even john and root have no read permission to 
> /files/john.  The reason is that if Slide finds a permission 
> conflict on the same node, the negative permission prevails.  
> If I do not specify permissions explicitly, it seems like 
> everyone has /actions/read to /files/john.
> 
> My question is, how do I set up permissions so that a node is 
> only readable by persons who are granted /actions/read 
> explicitly and no one else, including new users, has 
> /actions/read to the node?
> 
> 
> --
> Willie Vu


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
