[dokuwiki] Re: ACL: What if "none" always prevails?

  • From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 21 Jan 2009 09:35:59 +0100

> I've been trying to set up ACL permissions in our internal wiki, which
> mainly uses Active Directory groups for permissions. I have used the
> DokuWiki group "ALL" to set generic permissions in our entire wiki to
> "read". That works well since we want most of our information to be readable
> by all our users, but there are certain types of users that we want to deny
> access to the wiki (guests, external users). I tried using an AD group and
> giving it the ACL "none" in the root of our wiki, but they can still access
> all information that "ALL" has read access to. I also tried explicitly
> setting the group permissions to "none" on a namespace that also has "ALL:
> Read" and the result is "read".

Users always get the highest permission assigned to the same
namespace. So if you give read access to @ALL on the root namespace,
then you can do restrictions only for sub namespaces. E.g. this would
restrict access for guest users on the secret namespace. All other
users would still have read access (or upload if they belong to the
@users group).

*    @ALL      1
*    @users     8
secret:*    @guests     0
secret:*    @users     8

Andi

-- 
splitbrain.org
-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
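
The rule described in the reply, as an added example that is not part of the original post and not DokuWiki's own code: a simplified model in which the closest namespace with any matching rule decides, and the highest level within it wins. The function names, the tuple layout and the `@external` group are assumptions made for illustration.

```python
# Simplified model of the ACL rule described in the reply (not DokuWiki code).
# Assumption: each rule is a (scope, group, level) tuple; scope is "*" or "ns:*".

# The four ACL lines from the reply.
ACL_FROM_REPLY = [
    ("*", "@ALL", 1),
    ("*", "@users", 8),
    ("secret:*", "@guests", 0),
    ("secret:*", "@users", 8),
]

# The setup from the quoted question; "@external" is a constructed placeholder
# for the AD group that was given "none" at the root.
ACL_FROM_QUESTION = [
    ("*", "@ALL", 1),
    ("*", "@external", 0),
]


def scopes_for(page_id):
    """Yield namespace scopes from most specific to the root, e.g.
    'secret:a:page' -> 'secret:a:*', 'secret:*', '*'."""
    parts = page_id.split(":")[:-1]
    while parts:
        yield ":".join(parts) + ":*"
        parts.pop()
    yield "*"


def effective_permission(acl, page_id, groups):
    """Return the permission level for a user holding the given groups."""
    member_of = set(groups) | {"@ALL"}  # every user is implicitly in @ALL
    for scope in scopes_for(page_id):
        levels = [lvl for s, grp, lvl in acl if s == scope and grp in member_of]
        if levels:
            # The closest scope with any matching rule decides; within that
            # scope the highest level wins, so a 0 never overrides a 1 there.
            return max(levels)
    return 0  # assumption: no matching rule anywhere means no access
```

In this model a user who belongs to neither @guests nor @users still gets level 1 on `secret:` pages, because no rule at `secret:*` matches them and the root `@ALL` rule applies; adding an explicit `@ALL` line at `secret:*` is what closes that gap.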
