
List:       jetspeed-user
Subject:    Re: Roles and Permissions
From:       Paul Spencer <paulsp () apache ! org>
Date:       2002-05-29 1:39:19

Josh,
This is a known problem with the existing security model. Specifically, a 
user MUST have the role in the security tag.  If the requested permission, 
maximize in this case, is in ANY role that the user has, then the 
permission is granted.

We are in the process of replacing the security model.  See 
http://cvs.apache.org/viewcvs.cgi/jakarta-jetspeed/proposals/Security.txt

Paul Spencer

Josh Hone wrote:

> Hi all -
> 
>  I have a question concerning roles and permissions.  I have two 
> portlets that have <security role="user" />.  I have two people signed 
> up in the system, one with "admin" and "user" roles, and one with just a 
> "user" role.  I took away maximize permissions from the user role.  Now, 
> I can add the two portlets with <security role="user" /> to each 
> person's portal.  However, the administrator has maximize permission, so 
> something can happen to the portlet that I never intended, i.e. to 
> maximize it.  I try to express this intention by assigning the portlet 
> the <security role="user" /> since this role does not have maximize 
> permission assigned.  So there seems to not be a way to enforce which 
> permissions should be applied to which portlets.  If a user has more 
> than one role the maximum amount of permissions that can be applied to 
> the user is applied, based on the permissions allowed to the roles.
> 
>  The permission system is perfectly internally consistent, but is this 
> intended?  How does one enforce which permissions can be put on which 
> portlets?
> 
> Josh Hone
> Florida State University
> Physics Dept.



--
To unsubscribe, e-mail:   <mailto:jetspeed-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-user-help@jakarta.apache.org>
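
The check described in the reply above, modeled as an added example; this is not Jetspeed source code and not code from either poster. The `view` and `customize` permissions and the role table are constructed, and `portletScopedCheck` is a hypothetical alternative shown for contrast, not the design in the linked proposal.

```java
import java.util.*;

// Added illustration: a simplified model of the behaviour discussed in the thread.
public class RolePermissionModel {
    // Constructed role-to-permission table: "user" has had maximize removed,
    // "admin" still has it, as in the question.
    static final Map<String, Set<String>> ROLE_PERMS = Map.of(
        "user",  Set.of("view", "customize"),
        "admin", Set.of("view", "customize", "maximize"));

    // Behaviour described in the reply: the user must hold the role named in the
    // portlet's security tag, then the action is granted if ANY of the user's
    // roles carries the permission.
    static boolean unionCheck(Set<String> userRoles, String portletRole, String action) {
        if (!userRoles.contains(portletRole)) return false;
        for (String role : userRoles) {
            if (ROLE_PERMS.getOrDefault(role, Set.of()).contains(action)) return true;
        }
        return false;
    }

    // Hypothetical alternative: only the role named in the portlet's
    // <security role="..."/> tag contributes permissions for that portlet.
    static boolean portletScopedCheck(Set<String> userRoles, String portletRole, String action) {
        return userRoles.contains(portletRole)
            && ROLE_PERMS.getOrDefault(portletRole, Set.of()).contains(action);
    }

    public static void main(String[] args) {
        Set<String> plainUser = Set.of("user");
        Set<String> adminUser = Set.of("admin", "user");
        // Both users request "maximize" on a portlet tagged <security role="user"/>.
        for (Set<String> roles : List.of(plainUser, adminUser)) {
            System.out.printf("%-14s union=%b scoped=%b%n", new TreeSet<>(roles),
                unionCheck(roles, "user", "maximize"),
                portletScopedCheck(roles, "user", "maximize"));
        }
    }
}
```

Under the union check the two-role account gains maximize on a portlet tagged with the `user` role, which is the effect the question reports; the scoped variant denies it for both accounts.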
