Hi,
I've tried reading through the security and rights articles but I'm afraid
it hasn't really helped make things any clearer for me. At the moment I have
this very strange scenario where adding/removing users to a group doesn't
immediately (or at all) apply the permission unless I add
XWikiAllGroup to the group and then remove it.
<http://xwiki.475771.n2.nabble.com/file/n7594521/sales_rights.png>
Above is how the permissions are applied to the Sales space.
I then add my "MH Test" user to one group (e.g. sales_write) and then try
to refresh in Firefox (using private mode and clearing the local cache;
using refresh=1 doesn't help either). Only once did I manage to make the
user able to see the space.
But, if I add the test user to the group and then add XWikiAllGroup and
refresh then I can see the space. If I then remove XWikiAllGroup from the
group, I can STILL see the space and make changes etc.
I have allowed XWikiAllGroup View Permission in a different group called
"General-Read" which I created in order to allow read-access to the General
space. It appears to me that XWiki is seeing the user as part of
XWikiAllGroup in General-Read and sees that General-Read doesn't have an
explicit allow or deny, and then ties with the permission of "allow" in
Sales_Read, and apparently Deny wins?
Below are screenshots of how the General-* has its permissions applied in
the Sales space.
<http://xwiki.475771.n2.nabble.com/file/n7594521/general_permissions_in_sales.png>
I have gone further and removed XWikiAllGroup from General-Read and I can
then immediately see the permissions in the Sales-* groups being applied. If
I then add the Sales-* groups as sub-groups of General-Read, then I get the
same behaviour, i.e. a user of Sales* gets denied permission.
As I write this, I'm starting to think/understand that this is the designed
behaviour and my only solution will be to use Sub-Wikis instead of spaces.
So for example Sales sub-wiki and General sub-wiki. Users would be
members/registered to the main wiki, but I could then create groups in the
sub-wiki for Read, Read/Write, Admin and it wouldn't get overridden/collide
with permissions/users in other groups.
Can anyone tell me if I'm on the right track or point me at some
documentation or provide some tips please? Thanks in advance for your time
and help.
--
View this message in context:
http://xwiki.475771.n2.nabble.com/User-Permissions-Issue-tp7594486p7594521.…
Sent from the XWiki- Users mailing list archive at
Nabble.com.