24 Sep
2012
24 Sep
'12
7:26 a.m.
If you deny permission to any group that a user is a member of, the user
will not be able to access the document, deny overpowers allow.
What you can do is block access for the whole space then explicitly allow
AllGroup for the pages which you want them to be able to see. Alternatively
you could separate the pages into two spaces which makes it easier.
Thanks,
Caleb
On 09/24/2012 06:53 AM, Matt Lamoureux wrote:
Can someone please confirm that I understand user
rights properly?
I have a wiki in which I have loaded all of our custom pages into a space
called "1". We use LDAP, so every user is automatically added to the
XWikiAllGroup. We have a small team that wants to utilize secured pages,
so I created a group called GroupA. I then went through and added team
members to GroupA (without removing them from XWikiAllGroup).
At the wiki level, I have granted both groups "view" access, but blocked
everything else.
At the "1" space level, I have granted both groups "edit" and
"delete"
rights
Now, in that space, there are some pages that we only want GroupA to see.
I thought it was simple - I could just go into each page, block
XWikiAllGroup from view/edit/delete, and grant view/edit/delete access to
GroupA. Apparently that is not true - the fact that they are still in
XWikiAllGroup prevents them from viewing those pages, since that group is
blocked? I expected the fact that they are part of GroupA and GroupA is
authorized, they would be authorized.
If that is true, what is the solution to this? What is the simplest way to
secure a page from everyone except the members of GroupA? If I remove
GroupA members from XWikiAllGroup, that seems to cause other issues with
skins and such.
Any suggestions?
Thanks!
- Matt L.
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users