Daniel Angileri wrote:
My "subtree-policy.acml looks like that:
*********************************************************
<?xml version="1.0" encoding="UTF-8"?>
<ac:policy xmlns:ac="http://apache.org/cocoon/lenya/ac/1.0"; ssl="false">
<ac:group id="PCA_Bereich1">
<ac:role id="testrole"/>
</ac:group>
<ac:group id="admin">
<ac:role id="admin"/>
</ac:group>
</ac:policy>
*********************************************************
and the rights of the group are defined in "usecase-policies.xml" like
that:
*********************************************************
<usecases xmlns="http://apache.org/cocoon/lenya/ac/1.0";>
<usecase id="create"><role id="edit"/></usecase>
<usecase id="archive"><role id="edit"/></usecase>
<usecase id="delete"><role id="edit"/></usecase>
<usecase id="restore"><role id="edit"/></usecase>
<usecase id="userAddUser"><role id="testrole"/></usecase>
<usecase id="userChangeProfile"><role id="edit"/><role
id="admin"/></usecase>
<usecase id="userChangePasswordUser"><role id="edit"/></usecase>
<usecase id="userChangePasswordAdmin"><role
id="admin"/></usecase>
<usecase id="userChangeGroups"><role id="admin"/></usecase>
</usecases>
*********************************************************
The user, which belongs to the group "PCA_Bereich1" should now only be
able to add a user.
The problem is, that he has full access to the admin-area. He also can
create/delete groups, change passwords etc.
This is strange, it sounds like a bug.
Would you mind filing a bug report, preferrably with a ZIP of your
config/ac directory? Maybe there's an open bug already, it would be great
if you could take a quick glance at the existing bug reports.
Thanks,
Andreas
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
