Michael Ralston wrote:
Imagine a situation where you want to add a private area in a public
website. If there is one protected document among a large number of
public siblings, the inherit=off method is rather painful. Additionally,
you have to copy the parent settings to all public sub-documents, and
maintain them there. It would be much more convenient to deny the access
for the private sub-document.
I don't see why you would have to copy parent settings to all
sub-documents. In the below tree it is only 'protected' and its children
that have different Policies.
/live - world=view
|
|---- index inherits world=view
| |
| |-- child inherits world=view
|
|---- protected, inherit=off, MemberGroup=view
|
|-- protected child inherits MemberGroup=view
OK, IIUC you want to cut the inheritance at child level, not at
parent level. But what if you want to cut the inheritance only for
a certain user/group?
I do see the merits of the revoke system over the inheritance off
system. Is it possible (or useful) to have both systems together?
I guess this would be possible, but the user interface might become
quite complex.
-- Andreas
--
Andreas Hartmann
Wyona Inc. - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
