You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by "Punzo, Frank J (HTSC, IT)" <Fr...@thehartford.com> on 2007/01/11 19:17:25 UTC

CreateCollection

I have Slide working on our Weblogic 8.1 environment. I have figured out
how to add users/roles and to grant access to resources. One question...
can someone recommend the best way to grant a role the ability to write
files in a directory... but deny the ability to create sub-directories
underneath it. I want to set up a structure for people (a taxonomy) and
allow them the ability to write files into it but don't want people
adding more directories. Is this possible? 

--Frank



*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information.  If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited.  If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************

RE: CreateCollection

Posted by "Punzo, Frank J (HTSC, IT)" <Fr...@thehartford.com>.
Nice! Looks like I can grant write-content and deny bind. I'll give that a try. Thanks for the link that was really helpful. 
 
--Frank

________________________________

From: Miguel Figueiredo [mailto:mfigueiredo@maisis.pt]
Sent: Fri 1/12/2007 5:09 AM
To: 'Slide Users Mailing List'
Subject: RE: CreateCollection



Hello Frank,

 According to ACL webdav spec, it is possible. Checkout this link, in the
section <3.4.  DAV:write-content Privilege> versus <3.9.  DAV:bind
Privilege>:

http://www.ietf.org/rfc/rfc3744.txt

 Hope this helps,
 Miguel Figueiredo

-----Original Message-----
From: Punzo, Frank J (HTSC, IT) [mailto:Frank.Punzo@thehartford.com]
Sent: quinta-feira, 11 de Janeiro de 2007 18:17
To: slide-user@jakarta.apache.org
Subject: CreateCollection

I have Slide working on our Weblogic 8.1 environment. I have figured out
how to add users/roles and to grant access to resources. One question...
can someone recommend the best way to grant a role the ability to write
files in a directory... but deny the ability to create sub-directories
underneath it. I want to set up a structure for people (a taxonomy) and
allow them the ability to write files into it but don't want people
adding more directories. Is this possible?

--Frank



*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information.  If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited.  If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************



---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org

RE: CreateCollection

Posted by Miguel Figueiredo <mf...@maisis.pt>.
Hello Frank,

 I've just confirmed your test scenario. I also believe this is a bug :|

Best Regards,
Miguel Figueiredo

-----Original Message-----
From: Punzo, Frank J (HTSC, IT) [mailto:Frank.Punzo@thehartford.com] 
Sent: sexta-feira, 12 de Janeiro de 2007 20:13
To: Slide Users Mailing List
Subject: RE: CreateCollection

I have tried this with no success. I'm wondering if there's a bug. I'm
logging into my system as slide/users/manager1. I'm trying to write to
folder /slide/files/folder1. The only way I can allow manager1 to write
files (using DavExplorer->Write File) is to Grant the "write"
permission. If I try to Grant anything but "write" it says unauthorized.
I've even tried adding every other permission nested underneath the
"write" permission. Below are the acls for folder1 the first set of acls
does not work for manager1. The second set of acls does work for
manager1. 

These permissions DO NOT allow WebDavExplorer File-Write File command
inside of /slide/files/folder1 when logged in as /slide/users/manager1
...

/slide/users/manager1	write-content 	Grant	
/slide/users/manager1	unbind		Grant	
/slide/users/manager1	bind			Grant	
/slide/users/manager1	write-properties	Grant	
/slide/users/manager1	unlock		Grant	
/slide/users/manager1   write-acl		Grant
unauthenticated		all			Grant	/slide/files
property			read-acl		Grant
/slide/files
/slide/roles/root		all			Grant	/slide/
all				read-acl, 
				write-acl, 
				unlock		Deny	/slide/
all				read			Grant	/slide/


These permissions DO allow WebDavExplorer File-Write File command inside
of /slide/files/folder1 when logged in as /slide/users/manager1 ...

/slide/users/manager1	write		 	Grant	
unauthenticated		all			Grant	/slide/files
property			read-acl		Grant
/slide/files
/slide/roles/root		all			Grant	/slide/
all				read-acl, 
				write-acl, 
				unlock		Deny	/slide/
all				read			Grant	/slide/



Why would granting "write" work and granting every other permission that
sums to "write" not work? 

Has anyone seen this before? 

Can anyone suggest a work around? What I want to do is Grant the ability
to write files inside of a folder but deny the ability to create more
folders (collections) underneath. 

Thanks, 
Frank


-----Original Message-----
From: Miguel Figueiredo [mailto:mfigueiredo@maisis.pt] 
Sent: Friday, January 12, 2007 5:10 AM
To: 'Slide Users Mailing List'
Subject: RE: CreateCollection

Hello Frank,

 According to ACL webdav spec, it is possible. Checkout this link, in
the section <3.4.  DAV:write-content Privilege> versus <3.9.  DAV:bind
Privilege>:

http://www.ietf.org/rfc/rfc3744.txt 

 Hope this helps,
 Miguel Figueiredo

-----Original Message-----
From: Punzo, Frank J (HTSC, IT) [mailto:Frank.Punzo@thehartford.com]
Sent: quinta-feira, 11 de Janeiro de 2007 18:17
To: slide-user@jakarta.apache.org
Subject: CreateCollection

I have Slide working on our Weblogic 8.1 environment. I have figured out
how to add users/roles and to grant access to resources. One question...
can someone recommend the best way to grant a role the ability to write
files in a directory... but deny the ability to create sub-directories
underneath it. I want to set up a structure for people (a taxonomy) and
allow them the ability to write files into it but don't want people
adding more directories. Is this possible? 

--Frank



************************************************************************
*
This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential and/or privileged
information.  If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited.  If
you are not the intended recipient, please notify the sender immediately
by return e-mail, delete this communication and destroy all copies.
************************************************************************
*



---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org



*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information.  If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited.  If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org

RE: CreateCollection

Posted by "Punzo, Frank J (HTSC, IT)" <Fr...@thehartford.com>.
I have tried this with no success. I'm wondering if there's a bug. I'm
logging into my system as slide/users/manager1. I'm trying to write to
folder /slide/files/folder1. The only way I can allow manager1 to write
files (using DavExplorer->Write File) is to Grant the "write"
permission. If I try to Grant anything but "write" it says unauthorized.
I've even tried adding every other permission nested underneath the
"write" permission. Below are the acls for folder1 the first set of acls
does not work for manager1. The second set of acls does work for
manager1. 

These permissions DO NOT allow WebDavExplorer File-Write File command
inside of /slide/files/folder1 when logged in as /slide/users/manager1
...

/slide/users/manager1	write-content 	Grant	
/slide/users/manager1	unbind		Grant	
/slide/users/manager1	bind			Grant	
/slide/users/manager1	write-properties	Grant	
/slide/users/manager1	unlock		Grant	
/slide/users/manager1   write-acl		Grant
unauthenticated		all			Grant	/slide/files
property			read-acl		Grant
/slide/files
/slide/roles/root		all			Grant	/slide/
all				read-acl, 
				write-acl, 
				unlock		Deny	/slide/
all				read			Grant	/slide/


These permissions DO allow WebDavExplorer File-Write File command inside
of /slide/files/folder1 when logged in as /slide/users/manager1 ...

/slide/users/manager1	write		 	Grant	
unauthenticated		all			Grant	/slide/files
property			read-acl		Grant
/slide/files
/slide/roles/root		all			Grant	/slide/
all				read-acl, 
				write-acl, 
				unlock		Deny	/slide/
all				read			Grant	/slide/



Why would granting "write" work and granting every other permission that
sums to "write" not work? 

Has anyone seen this before? 

Can anyone suggest a work around? What I want to do is Grant the ability
to write files inside of a folder but deny the ability to create more
folders (collections) underneath. 

Thanks, 
Frank


-----Original Message-----
From: Miguel Figueiredo [mailto:mfigueiredo@maisis.pt] 
Sent: Friday, January 12, 2007 5:10 AM
To: 'Slide Users Mailing List'
Subject: RE: CreateCollection

Hello Frank,

 According to ACL webdav spec, it is possible. Checkout this link, in
the section <3.4.  DAV:write-content Privilege> versus <3.9.  DAV:bind
Privilege>:

http://www.ietf.org/rfc/rfc3744.txt 

 Hope this helps,
 Miguel Figueiredo

-----Original Message-----
From: Punzo, Frank J (HTSC, IT) [mailto:Frank.Punzo@thehartford.com]
Sent: quinta-feira, 11 de Janeiro de 2007 18:17
To: slide-user@jakarta.apache.org
Subject: CreateCollection

I have Slide working on our Weblogic 8.1 environment. I have figured out
how to add users/roles and to grant access to resources. One question...
can someone recommend the best way to grant a role the ability to write
files in a directory... but deny the ability to create sub-directories
underneath it. I want to set up a structure for people (a taxonomy) and
allow them the ability to write files into it but don't want people
adding more directories. Is this possible? 

--Frank



************************************************************************
*
This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential and/or privileged
information.  If you are not the intended recipient, any use, copying,
disclosure, dissemination or distribution is strictly prohibited.  If
you are not the intended recipient, please notify the sender immediately
by return e-mail, delete this communication and destroy all copies.
************************************************************************
*



---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org



*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information.  If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited.  If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org

RE: CreateCollection

Posted by Miguel Figueiredo <mf...@maisis.pt>.
Hello Frank,

 According to ACL webdav spec, it is possible. Checkout this link, in the
section <3.4.  DAV:write-content Privilege> versus <3.9.  DAV:bind
Privilege>:

http://www.ietf.org/rfc/rfc3744.txt 

 Hope this helps,
 Miguel Figueiredo

-----Original Message-----
From: Punzo, Frank J (HTSC, IT) [mailto:Frank.Punzo@thehartford.com] 
Sent: quinta-feira, 11 de Janeiro de 2007 18:17
To: slide-user@jakarta.apache.org
Subject: CreateCollection

I have Slide working on our Weblogic 8.1 environment. I have figured out
how to add users/roles and to grant access to resources. One question...
can someone recommend the best way to grant a role the ability to write
files in a directory... but deny the ability to create sub-directories
underneath it. I want to set up a structure for people (a taxonomy) and
allow them the ability to write files into it but don't want people
adding more directories. Is this possible? 

--Frank



*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information.  If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited.  If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************



---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org