Posted to slide-user@jakarta.apache.org by Dirk Verbeeck <di...@pandora.be> on 2001/12/02 16:17:31 UTC

Re: Question about permissions

Hi

You are correct that you need read access on /files/folder1 to see
/files/folder1/folder2. But you also need read access on the content of
the folder itself.
If you don't want users to access /files/folder1/folder3 then don't give
them access.
For example:
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files">
  <permission action="/actions" subject="/users/guest" inheritable="false"/>
  <permission action="/actions" subject="/users/root"/>

  <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files/folder1">
    <permission action="/actions" subject="/users/guest" inheritable="false"/>

    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files/folder1/folder2">
      <permission action="/actions" subject="/users/guest"/>
    </objectnode>

    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files/folder1/folder3">
    </objectnode>

  </objectnode>
</objectnode>

Your other question
   self  "~"
   all   "nobody"
   user  "/users/john"
   group "+/users/groupA"
   role  "root"

"nobody" applies to all users
"~" applies to self (you can access your own object,  john can access
/users/john)
"user" is a role and applies to all objects implementing the interface
UserRole


Dirk

Jean-Philippe Courson wrote:
> 
> Hi
> 
> I would like to know if I can do the following with slide permissions :
> 
> I want to allow /users/toto to read/write in a folder called folder2
> located at /files/folder1/folder2 without allowing him to list
> /files/folder1 contents.
> 
> Tell me if I am wrong but to do this I need the following permissions :
> 
> Object                 Subject     Action         Heritable Negative
> /                      user        /actions/read  0         0
> /                      nobody      /actions/read  0         0
> /users                 ~           /actions       1         0
> /users                 user        /actions/read  0         0
> /files                 nobody      /actions/read  0         0
> /files/folder1         /users/toto /actions/read  1         0
> /files/folder1/folder2 /users/toto /actions/write 1         0
> 
> The problem I have is that I must allow /users/toto to read
> /files/folder1 so he will be allowed to list the content of folder
> /files/folder1 (something that I don't want !).
> 
> How can I solve my problem ?
> Is there a way to imitate filesystems read and execute permissions
> differences for folders ?
> 
> Other questions :
> What exactly is subject 'user' used for permissions initialization ?
> What are the differences between subjects 'nobody' and '~' ?
> 
> Thanks for your help
> 
> Jean-Philippe
> 
> --
> To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>


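Added example, not part of the thread and not Slide's own code: a simplified Python model of how the inheritable flag in the configuration from the reply decides which folders /users/guest reaches. It assumes that a permission without an inheritable attribute is inherited by descendants and that a grant on /actions covers /actions/read; the function names are hypothetical, and the rule that a parent must be readable to see a child is not modelled.

```python
import xml.etree.ElementTree as ET

# The configuration from the reply, with the mail-wrapped tags rejoined.
CONFIG = """
<objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files">
  <permission action="/actions" subject="/users/guest" inheritable="false"/>
  <permission action="/actions" subject="/users/root"/>
  <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files/folder1">
    <permission action="/actions" subject="/users/guest" inheritable="false"/>
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files/folder1/folder2">
      <permission action="/actions" subject="/users/guest"/>
    </objectnode>
    <objectnode classname="org.apache.slide.structure.SubjectNode" uri="/files/folder1/folder3">
    </objectnode>
  </objectnode>
</objectnode>
"""

def load(xml_text):
    """Map node URI -> [(subject, action, inheritable)]; a missing flag is assumed true."""
    return {
        node.get("uri"): [
            (p.get("subject"), p.get("action"), p.get("inheritable", "true") == "true")
            for p in node.findall("permission")
        ]
        for node in ET.fromstring(xml_text).iter("objectnode")
    }

def covers(granted, wanted):
    """Assumed action hierarchy: a grant on /actions also covers /actions/read."""
    return wanted == granted or wanted.startswith(granted.rstrip("/") + "/")

def allowed(perms, subject, action, uri):
    """Grant if the node itself, or an ancestor with an inheritable entry, matches."""
    node = uri
    while node:
        for subj, act, inheritable in perms.get(node, []):
            if subj == subject and covers(act, action) and (node == uri or inheritable):
                return True
        node = node.rsplit("/", 1)[0]  # parent URI; "" once above the top level
    return False

def report(subject, action="/actions/read"):
    perms = load(CONFIG)
    return {uri: allowed(perms, subject, action, uri) for uri in perms}

if __name__ == "__main__":
    for who in ("/users/guest", "/users/root"):
        print(who, report(who))
```

In this model the guest entries on /files and /files/folder1 stop at their own node, so folder3 gets no grant, while the root entry on /files reaches every descendant.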