James,
Your recommended approach means
1. each time when I created a new user, I need
to traverse all the nodes in the tree and add "read deny" this new user to the node.
2. when I want to assign a folder to this user, I will go to delete all the "read
deny"s to him in this folder's all upstream folders and all downstream folders.
3. each time I create a new folder, I need to add "read denys" of all the users of
this system who shouldn't see this folder - I don't know how to retrieve this user
list yet.
What we are building is a totally dynamic system, users can keep creating new users
and new folders, each user has his/her own accessible folders. Do you think this
approach is a feasible one? Thanks.
regards,
Jun
>Ok, I think I understand the issue a bit better now.
>
>What I'd recommend is you start with the largest group of users possible
>and work your way down. Start by granting read to authenticated on A.
>This will give all of your users read access to the entire tree, so you
>don't need to worry about that. For special cases, such as Carl, you'll
>need to modify the permissions further down. Grant Carl write access to
>C1 and deny him read access to B2. The consequence of the way
>inheritance works in Slide is that you're going to have a lot of "deny"
>permissions to keep people out of certain areas.
>
>-James
---------------------------------
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
