8 Sep
2014
8 Sep
'14
6:31 p.m.
On 09/08/2014 12:15 PM, Leonardo Kodato wrote:
Hi Users.
Let's assume that I have two groups, XWikiAllGroup and IT Department, and I
want to deny AllGroup's access to a specific page and allow the IT to view
it.
The problem is that UserX is member of both of them. When I deny
XWikiAllGroup's permission, UserX is unable to view the page, when it
should be, as he is member of IT Department(allowed to view it).
How can I solve this without denying all other groups except XwikiAllGroup?
Deny rights are always stronger than allow rights.
One non-intuitive fact about rights is that setting a right for an
entity implicitly denies that right for everybody else. So it's enough
to allow grant rights to ITDepartment, everybody else will be denied
that right.
--
Sergiu Dumitriu
http://purl.org/net/sergiu