
[4.0] Privileges group / user

Posted: Tue Jan 26, 2010 10:55 am
by bidouille
Hello,

My user "intranet" is in UserRole group but has only read access on a document.
[Attachment: grant_access.jpg]
But he can still move or delete.

I don't understand

Re: [4.0] Privileges group / user

Posted: Thu Jan 28, 2010 9:35 am
by jllort
You must not propagate the UserRole grant, because it is used for all users to get a connection. It might be deleted from okm:root at first by the administrator, and your own roles created there.

Privileges are the grants of roleX + the grants of roleY (and UserRole has write and read grants); that's the reason.
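
The additive rule described in the reply above, as an added example that is not part of the thread and not OpenKM code: it models grants as bitmasks, audits a small tree for users whose role grants exceed their direct grant, and shows the effect of removing the role grant. The permission bits, the node paths under okm:root, and the function names are assumptions made for the illustration.

```python
READ, WRITE = 1, 2  # constructed permission bits, not OpenKM constants

# Constructed sample data: per-node grants as left after a role grant
# was applied recursively from the root.
NODES = {
    "/okm:root": {"users": {}, "roles": {"UserRole": READ | WRITE}},
    "/okm:root/hr": {"users": {}, "roles": {"UserRole": READ | WRITE}},
    "/okm:root/hr/policy.pdf": {"users": {"intranet": READ},
                                "roles": {"UserRole": READ | WRITE}},
}
MEMBERSHIP = {"intranet": {"UserRole"}}  # constructed role membership


def effective(acl, user):
    """Union of the user's direct grant and the grants of each role they hold."""
    mask = acl["users"].get(user, 0)
    for role in MEMBERSHIP.get(user, ()):
        mask |= acl["roles"].get(role, 0)
    return mask


def audit(nodes):
    """List (path, user, roles) where a role adds bits the direct grant lacks."""
    findings = []
    for path, acl in sorted(nodes.items()):
        for user, direct in sorted(acl["users"].items()):
            extra = effective(acl, user) & ~direct
            roles = sorted(r for r in MEMBERSHIP.get(user, ())
                           if acl["roles"].get(r, 0) & extra)
            if extra:
                findings.append((path, user, roles))
    return findings


def strip_role(nodes, role):
    """Copy of the tree with one role's grant removed from every node."""
    return {path: {"users": dict(acl["users"]),
                   "roles": {r: m for r, m in acl["roles"].items() if r != role}}
            for path, acl in nodes.items()}


if __name__ == "__main__":
    for finding in audit(NODES):
        print("widened:", finding)
    print("after removal:", audit(strip_role(NODES, "UserRole")))
```
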

Re: [4.0] Privileges group / user

Posted: Thu Jan 28, 2010 3:35 pm
by bidouille
jllort wrote: It might be deleted from okm:root at first by the administrator, and your own roles created there.
OK, but I already created some users. Can I roll back?
jllort wrote: You must not propagate the UserRole grant
Argh! A warning message would be welcome to prevent it.

Re: [4.0] Privileges group / user

Posted: Tue Feb 02, 2010 7:07 pm
by pavila
Well, it depends on your security policy. This goes into the "best practices" manual ;)