On 04/12/2011 02:26 PM, Joel Schuster wrote: > I believe that I have this working now. I'm not sure I understand why, but it > does seem to work. What I can say is that I did not use 'remove' right, only > add.
Deny rights are stronger than allow rights. Since all members of GroupTwo are also members of AllGroup, they are also denied access. Thus, setting "deny" on AllGroup really means that nobody can view that space. As for why it works, as others already said, if someone has "allow", then everybody else implicitly is denied. If you say that GroupOne is allowed to view, this translates into "only GroupOne is allowed to view". Also note that there's no inheritance between rights, so also set the same rights for edit and comment as well, since otherwise users in GroupTwo will be able to edit documents, although they cannot view them. > - Joel > > >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On >> Behalf Of Thomas Mortagne >> Sent: Tuesday, April 12, 2011 1:40 AM >> To: XWiki Users >> Subject: Re: [xwiki-users] Users in Multiple Groups. >> >> On Tue, Apr 12, 2011 at 08:31, Marius Dumitru Florea >> <[email protected]> wrote: >>> Hi Joel, >>> >>> On 04/12/2011 12:53 AM, Joel Schuster wrote: >>>> >>>> >>>> So how would I set up my group rights in this scenario? I've tried >>>> this out and I can't seem to get it to work. >>>> >>>> >>>> >>>> SpaceMain -> everyone should be able to see >>>> >>>> SpaceOne -> only users in GroupOne can see. No one else may see this >>>> space, Non-grouped or spacetwo users. >>>> >>>> SpaceTwo -> only users in GroupTwo and use. No one else may see this >>>> space, Non-grouped or spaceone users. >>>> >>>> >>>> >>> >>>> I've tried denying GroupOne& AllGroup from SpaceTwo but a GroupTwo >>>> member isn't being allowed to see. >>> >>> Have you tried to explicitly allow view/edit to SpaceOne for GroupOne >>> and to SpaceTwo for GroupTwo? I think an explicit allow means deny for >>> all the rest, but I haven't tried. >> >> Yes giving a right for a group/user implicitly remove it for others. >> -- Sergiu Dumitriu http://purl.org/net/sergiu/ _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
