I guess, it's because ACLSecurityImpl is not yet ready to cope with nested groups ... it's a shame, I know ... mea culpa!
I put that aside because I didn't find an efficient way to evaluate a principal match with arbitrary deeply nested groups (you have to navigate the groups net to the end to assert that it's not a match :-(). Maybe there should be a parameter (e.g. in NamespaceConfig) telling how deep group nesting can be? Other ideas? Comments? I can resume work on this issue ASAP. Regards, Peter > -----Original Message----- > From: K.C. Baltz [mailto:[EMAIL PROTECTED] > Sent: Monday, January 05, 2004 22:50 > To: 'Slide Users Mailing List' > Subject: Is this structure possible? > > > I would like to structure my files/permissions in the > following way and > I want to know how to do it if it's possible as I have been > unsuccessful > so far. > > My users are arranged in a hierarchy of groups. I would like > to have a > /files directory for each group and I would like the > permissions such > that a member of a group has access to the directory for that > group, as > well as the subdirectories which belong to the subgroups. > > E.g. > > /users/groupA > /users/groupB <-- groupB is a child of groupA > > /files > /files/groupA > /files/groupA/groupB > > Users in groupA should be able to access /files/groupA and > /files/groupA/groupB. > > Users in groupB should only be able to access /files/groupA/groupB. > > I've tried to set this up by granting inheritable permissions > to groupA > for /files/groupA, which works (users in groupA can access all the > directories) until I grant permissions to groupB for > /files/groupA/groupB. Once I do that, no one can access > /files/groupA/groupB. > > Help? > > K.C. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
