You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by Dirk Verbeeck <di...@pandora.be> on 2001/12/02 16:17:31 UTC
Re: Question about permissions
Hi
You are correct that you need read access on /files/folder1 to see
/files/folder1/folder2. But you also need read acess on the content of
the folder itself.
If you don't want users to access /files/folder1/folder3 then don't give
them access.
For example:
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/files">
<permission action="/actions" subject="/users/guest"
inheritable="false"/>
<permission action="/actions" subject="/users/root"/>
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/files/folder1">
<permission action="/actions" subject="/users/guest"
inheritable="false"/>
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/files/folder1/folder2">
<permission action="/actions" subject="/users/guest"/>
</objectnode>
<objectnode classname="org.apache.slide.structure.SubjectNode"
uri="/files/folder1/folder3">
</objectnode>
</objectnode>
</objectnode>
You other question
self "~"
all "nobody"
user "/users/john"
group "+/users/groupA"
role "root"
"nobody" applies to all users
"~" applies to self (you can access your own object, john can access
/users/john)
"user" is a role and applies to all objects implementing the interface
UserRole
Dirk
Jean-Philippe Courson wrote:
>
> Hi
>
> I would like to know if I can do the following with slide permissions :
>
> I want to allow /users/toto to read/write in a folder called folder2
> located at /files/folder1/folder2 without allowing him to list
> /files/folder1 contents.
>
> Tell me if I am wrong but to do this I need to following permissions :
>
> Object Subject Action Heritable Negative
> / user /actions/read 0 0
> / nobody /actions/read 0 0
> /users ~ /actions 1 0
> /users user /actions/read 0 0
> /files nobody /actions/read 0 0
> /files/folder1 /users/toto /actions/read 1 0
> /files/folder1/folder2 /users/toto /actions/write 1 0
>
> The problem I have is that I must allow /users/toto to read
> /files/folder1 so he will be allowed to list the content of folder
> /files/folder1 (something that I don't want !).
>
> How can I solve my problem ?
> Is there a way to imitate filesystems read and execute permissions
> differences for folders ?
>
> Other questions :
> What exactly is subject 'user' used for permissions initialization ?
> What are the differences between subjects 'nobody' and '~' ?
>
> Thanks for your help
>
> Jean-Philippe
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>