Andreas Hartmann wrote:
Michael Ralston wrote:
OK, IIUC you want to cut the inheritance at child level, not at
parent level. But what if you want to cut the inheritance only for
a certain user/group?
breaking inheritance at a certain child means that it has no policies
at all. therefore if you wanted to inherit only some permissions they
would have to be regranted on the child. eg...
OK, that's what I thought. IMO it is not very convenient, because you
have to duplicate the knowledge, and have to update the child when the
parent permissions change.
Couldn't this "remove all" inherited permissions be done with a "remove
all" button on the ac page? Then if you want to add the permission
(role / user|group|ip paring) back just uncheck the remove checkbox next
to the permission.
[...]
I do see the merits of the revoke system over the inheritance off
system. Is it possible (or useful) to have both systems together?
I guess this would be possible, but the user interface might become
quite complex.
>
Would it be worth doing some research into how various operating
systems handle this task? Rather than reinvent the wheel we could
model the lenya access controls on how an existing proven system
works, eg posix acl, or windows xp security dialogs.
I guess this makes sense, but I could imagine that repositories
like JCR are more appropriate than OSs. Feel free to come up with a
proposal!
-- Andreas
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
