Hi Marius, I, apparently, did NOT know that! It seems painfully obvious now, but at the time we were setting this up, we thought we had to explicitly block people from seeing those protected pages. Now I understand that the "allow" checkbox implicitly blocks anyone not also allowed.
Thank you very much for clearing that up for me! - Matt L. On Fri, Mar 8, 2013 at 2:13 AM, Marius Dumitru Florea < [email protected]> wrote: > Hi Matt, > > In case you don't know, an explicit allow rule means deny for everyone > else. So when you give for instance 'view' rights to Group A to a > Space X it means that *only* Group A is allowed to view the pages from > space X. Thus if you use allow instead of deny then you can have an > user be part of both Group A and B, and she will have access to the > set of pages that both groups have. > > In any case, removing users from XWikiAllGroup is a sign of bad > design. You should not have to do this. All valid users must be part > of XWikiAllGroup otherwise you might get into trouble later. > > Hope this helps, > Marius > > On Thu, Mar 7, 2013 at 9:52 PM, Matt Lamoureux <[email protected]> wrote: > > Hi all, > > I am having trouble understanding user permissions again. I have > Xwiki > > set up for LDAP authentication, so any user who signs in gets added to > the > > XWikiAllGroup. For this example, let's say I have GroupA and GroupB, > both > > of which have their own sets of protected pages. The way it works now is > > that I have to remove each user from XWikiAllGroup and add them to either > > GroupA or GroupB. This way, the protected pages are set to deny to > anyone > > NOT a member of that particular group. > > My question is: how can I get a single member of Group A to be > > authorized for the GroupB protected pages? I cannot simply add them to > > GroupB - they would then not be allowed access to either set of pages > > because the deny rules take precedence. I could add them to a third > group > > called GroupsA&B, but that seems a poor solution, as this would only > > increase in complexity in the future. Do I have my architecture of > > protected pages set up wrong - is there are more logical way to configure > > this? > > > > Thanks in advance! > > - Matt L. > > _______________________________________________ > > users mailing list > > [email protected] > > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ > users mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
