We have been using the permission model in Slide a lot lately and have a
similar scenario where the number of users and directories is dynamic. The
number of Groups is dynamic in our case as well. Let me see if I can
help.....
/users/admin needs /actions on / (full access to everything)
/users/john needs /actions on /files/john (full access to his own
directory)
/users/mary needs /actions on /files/mary (full access to her own
directory)
A user needs /actions on a node in order to be able to modify the ACL for
that node, read and write are not sufficient.
The admin user could create new users and directories and the necessary
permissions.
Also, John could grant Mary read permissions in his folder by issuing an
ACL method containing the <DAV:read> privilege for /users/mary
Some advice:
- In your case, stay away from ROLE based permissions for now.
- Be careful when modifying permissions on a node. You must replace all
existing permissions defined at that node, plus make any additions and
subtractions or else you will lose your original permissions. The Webdav
ACL spec talks about this in Section 8.1
- Slide implements all issues permissions as inheritable in their
implementation of the ACL method on the server.
- Stan
"Willie Vu"
<[EMAIL PROTECTED]> To:
<[EMAIL PROTECTED]>
cc:
01/22/2003 10:18 Subject: Question on permission
setting
PM
Please respond to
"Slide Users
Mailing List"
I want to setup permissions so that:
1. each user (say John) has his own /files/<user name> directory. Only he
and root has write permission.
2. John is allowed to grant read permission to other users (say Mary).
3. The number of users who can share directories are dynamic. So, new
users
(Joe, Peter) will be created after permissions are set up.
The namespace looks like this:
/
- files
-- john (root and john has read/write permission; mary has read
permission)
- users
-- root
-- john
-- mary
More users will be created in the future. I want to make sure no new users
have read permission to /files/john. So, I tried adding a negative
permission to /files/john, i.e. (/files/john, /users, /actions/read,
negative). The problem is that even john and root has no read permission
to
/files/john. The reason is that If Slide finds a permission conflict on
the
same node, the negative permission prevails. I have do not specify
permission explicitly, it seems like everyone has /actions/read to
/files/john.
My question is, how do I setup permissions so that a node is only readable
by persons whom are granted /actions/read explicitly and no one else,
including new users, have /actions/read to the node?
--
Willie Vu
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]
>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]
>
************************************************************************
If you received this e-mail in error please delete it and notify the sender as soon as
possible. The contents of this e-mail may be confidential and the unauthorized use,
copying, or dissemination of it and any attachments to it, is prohibited.
Internet communications are not secure and Hyperion does not, therefore, accept legal
responsibility for the contents of this message nor for any damage caused by viruses.
The views expressed here do not necessarily represent those of Hyperion.
For more information about Hyperion, please visit our Web site at www.hyperion.com
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
