[jboss-user] [JBoss Portal] - Re: CMS security not working
DanielGallot
do-not-reply at jboss.com
Fri Dec 21 14:45:46 EST 2007
anonymous wrote : anonymous wrote :
| | But there is another effect I don't understand : "myRole" got read access to "/MyTopDirectory/TheUsableDirectory" and not to other directories where it has not been granted write access. Specifying 'write' access to '/TheUsableDirectory' should recurse to other directories under '/TheUsableDirectory', and since write implies read, you should have 'read' access there. *Except ofcouse if you specifically specify permissions on nodes under this, which override the recursing permissions*
| Are you overriding the recursing permissions the nodes?
OK, I understand why "myRole" get read access to '/TheUsableDirectory' (hence we should have write access), but I don't understand why it has not read access on '/TheUsableDirectory2' since it has read access to "/".
I am not overriding more than what I describe.
anonymous wrote : Reason I ask is if you grant read access to 'MyTopDirectory" but no access to '/', then you will not get access to 'MyTopDirectory' for obvious security reasons. Permissions only recurse down the tree, not up the tree.
|
OK I have to grant read access to "/".
anonymous wrote : for myRole2 who needs write access to /MyUsableDirectort2 but only read access to /MyUsableDirectory, then for permissions on /MyUsableDirectory make sure you grant this role atleast *read access*
In fact I don't want to grant "myRole2" with read access to /MyUsableDirectory.
But when "overriding the recursing permissions" happens ? As soon as you make one change for a given role in whatever directory ? That would explain why the read access is no more available to '/TheUsableDirectory2'....
Thanks and Merry christmas you too. I am on holidays now until 02/01/2008.
Happy to read you next year !
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4115112#4115112
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4115112
More information about the jboss-user
mailing list