Hi,

>>> 3. Is it possible to do Role-based PSML for a particular role? Suppose
>>> I want to have a set of users under the Role "Operator" to have
>>> role-based PSML and the users under "Admin" user-based PSML (if this
>>> is a valid term)?
>
> Yes, your scenario is possible.
> Jetspeed first looks under the user-based PSML, if it fails to find a PSML page for the user, it will then look under the (first) role.

But what I observed is if I change an anon user under role as user, and remove the user/anon directory (especially no access to psml file of anon user) completely. Then according to theory it should definitely try to approach role/user directory for the psml file. Though I have explicitly given permission to anon as view. It gives me an error saying - "Error retreiving portlet info" -- something similar wordings.

So I tried creating new user this time, I made the default security as my own (wherein I have given view access for this user), assigned the user role. Had the role-based access. And made this user as anonymous user. Still it gives the same error as - "Error retreiving portlet info" -- something similar wordings, actually I didn't have that screenshot in front of me presently.

Can anybody point me where actually I am doing the mistake.

Thanks & regards,
Prasad.

-----Original Message-----
From: David Sean Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, 16 February, 2004 12:06
To: Jetspeed Users List
Subject: Re: Security questions

On Saturday, February 14, 2004, at 05:44 PM, Archana Turaga wrote:

> Hi,
> The following questions:
>
> 1. What is the purpose of groups in jetspeed? Just like Role-based
> PSML is there group-based PSML?
>

Groups represent a collection of users much in the same way groups are used in operating systems. Thus you can 'group' collections of users together in order to apply security constraints to those users. For example, you could create a constraint that granted view and customize access to all users in group 'A', but only view access to group 'B'.

Try playing around with the Security Browser portlet to get a feel for how security constraints apply to groups, users and rules.

Also take a look at the authorization (AccessControl) API in Jetspeed Security. There are APIs for granting and revoking roles to users, and for users joining and removing from groups. Also, there are APIs for granting and revoking roles in the context of a group.
This is because Jetspeed tries to be flexible in its security model. We support a user having different roles when they are in different groups. A use case would be "Anne is the Project manager in Group A (which could be a project), but she is Chief Engineer in Group B (another project)". Thus groups could abstractly represent "projects" or "domains", or just organizational groups. Speaking of organizations, in J2 we plan to support hierarchies of roles and groups.

If you don't need roles inside of groups, we have the global group concept. The 'Jetspeed' is the global group, as reflected in the API. This gives the possibility of organizing your security model with disjoint (no) associations between roles and groups.

> 2. What is really the meaning of owner-only security permission?
>

This means that only the owner is granted access to a resource. For example, a portlet on a page could be restricted to only the owner customizing the portlet.

> 3. Is it possible to do Role-based PSML for a particular role? Suppose
> I want to have a set of users under the Role "Operator" to have
> role-based PSML and the users under "Admin" user-based PSML (if this
> is a valid term)?

Yes, your scenario is possible.
Jetspeed first looks under the user-based PSML, if it fails to find a PSML page for the user, it will then look under the (first) role.

>
> Trying to get these terms cleared so that I can come up with a clear
> security model for a project.
>
> Thanks for your time and patience.
>
> Regards,
> Archana
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

--
David Sean Taylor
Bluesunrise Software
[EMAIL PROTECTED]
[office] +01 707 773-4646
[mobile] +01 707 529 9194