7 Mar
2013
7 Mar
'13
8:52 p.m.
Hi all,
I am having trouble understanding user permissions again. I have Xwiki
set up for LDAP authentication, so any user who signs in gets added to the
XWikiAllGroup. For this example, let's say I have GroupA and GroupB, both
of which have their own sets of protected pages. The way it works now is
that I have to remove each user from XWikiAllGroup and add them to either
GroupA or GroupB. This way, the protected pages are set to deny to anyone
NOT a member of that particular group.
My question is: how can I get a single member of Group A to be
authorized for the GroupB protected pages? I cannot simply add them to
GroupB - they would then not be allowed access to either set of pages
because the deny rules take precedence. I could add them to a third group
called GroupsA&B, but that seems a poor solution, as this would only
increase in complexity in the future. Do I have my architecture of
protected pages set up wrong - is there are more logical way to configure
this?
Thanks in advance!
- Matt L.