You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by bu...@apache.org on 2003/06/23 20:24:23 UTC
DO NOT REPLY [Bug 21022] New: -
[FIX] Confusion about role permissions
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21022>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21022
[FIX] Confusion about role permissions
Summary: [FIX] Confusion about role permissions
Product: Jetspeed
Version: 1.4b2
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: Documentation
AssignedTo: jetspeed-dev@jakarta.apache.org
ReportedBy: morciuch@apache.org
This is one of the most confusing parts about the security. By default,
Jetspeed ships with RegistryAccessController which ignores what permissions are
assigned to role via the database. RegistryAccessController uses security refs
instead.
Most people go to Security Role Browser and manipulate role permissions there
excpecting to activate/deactivate security options for portlets. Even the
security how-to is not clear in this respect.
The easiest thing would be to make an entry in the FAQ + put a note on the
Security Role and Permission Browsers that these are only applicable to
TurbineAccessController. Besides, isn't TurbineAccessController deprecated. In
which case we should just delete permissions from the database and find source
to populate permission list boxe in the Security Ref Editor.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org