On Tue, 2005-11-08 at 12:08 +0100, Andreas Hartmann wrote:
> Daniel Angileri wrote:
> 
> [...]
> 
> > Ok, I think that's it.
> > Do you have any solutions how I can give a user rights to create another
> > user without being admin?
> > 
> > There are usecases like "userAddUser", "groupAddGroup", etc. but it
> > isn't possible to reach the admin-area without being admin :(
> 
> Take a look at config/ac/policies/admin/subtree-policy.acml.
> There you can set the permissions for certain users.
> 
> -- Andreas
> 

My "subtree-policy.acml" looks like that:

*********************************************************
<?xml version="1.0" encoding="UTF-8"?>
<ac:policy xmlns:ac="http://apache.org/cocoon/lenya/ac/1.0" ssl="false">
  <ac:group id="PCA_Bereich1">
    <ac:role id="testrole"/>
  </ac:group>
  <ac:group id="admin">
    <ac:role id="admin"/>
  </ac:group>
</ac:policy>
*********************************************************


and the rights of the group are defined in "usecase-policies.xml" like
that:

*********************************************************
<usecases xmlns="http://apache.org/cocoon/lenya/ac/1.0">
        <usecase id="create"><role id="edit"/></usecase>
        <usecase id="archive"><role id="edit"/></usecase>
        <usecase id="delete"><role id="edit"/></usecase>
        <usecase id="restore"><role id="edit"/></usecase>

        <usecase id="userAddUser"><role id="testrole"/></usecase>
        <usecase id="userChangeProfile"><role id="edit"/><role id="admin"/></usecase>
        <usecase id="userChangePasswordUser"><role id="edit"/></usecase>
        <usecase id="userChangePasswordAdmin"><role id="admin"/></usecase>
        <usecase id="userChangeGroups"><role id="admin"/></usecase>
</usecases>
*********************************************************

The user who belongs to the group "PCA_Bereich1" should now only be
able to add a user.
The problem is that he has full access to the admin-area. He can also
create/delete groups, change passwords etc.

How can I restrict this?


Daniel


