Michael Ralston wrote:
OK, IIUC you want to cut the inheritance at child level, not at
parent level. But what if you want to cut the inheritance only for
a certain user/group?
breaking inheritance at a certain child means that it has no policies at
all. therefore if you wanted to inherit only some permissions they would
have to be regranted on the child. eg...
OK, that's what I thought. IMO it is not very convenient, because you
have to duplicate the knowledge, and have to update the child when the
parent permissions change.
[...]
I do see the merits of the revoke system over the inheritance off
system. Is it possible (or useful) to have both systems together?
I guess this would be possible, but the user interface might become
quite complex.
>
Would it be worth doing some research into how various operating systems
handle this task? Rather than reinvent the wheel we could model the
lenya access controls on how an existing proven system works, eg posix
acl, or windows xp security dialogs.
I guess this makes sense, but I could imagine that repositories
like JCR are more appropriate than OSs. Feel free to come up with a
proposal!
-- Andreas
--
Andreas Hartmann
Wyona Inc. - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
