On Tue, 2005-11-08 at 14:31 +0100, Andreas Hartmann wrote: > Daniel Angileri wrote: > > > My "subtree-policy.acml looks like that: > > > > ********************************************************* > > <?xml version="1.0" encoding="UTF-8"?> > > <ac:policy xmlns:ac="http://apache.org/cocoon/lenya/ac/1.0"; ssl="false"> > > <ac:group id="PCA_Bereich1"> > > <ac:role id="testrole"/> > > </ac:group> > > <ac:group id="admin"> > > <ac:role id="admin"/> > > </ac:group> > > </ac:policy> > > ********************************************************* > > > > > > and the rights of the group are defined in "usecase-policies.xml" like > > that: > > > > ********************************************************* > > <usecases xmlns="http://apache.org/cocoon/lenya/ac/1.0";> > > <usecase id="create"><role id="edit"/></usecase> > > <usecase id="archive"><role id="edit"/></usecase> > > <usecase id="delete"><role id="edit"/></usecase> > > <usecase id="restore"><role id="edit"/></usecase> > > > > <usecase id="userAddUser"><role id="testrole"/></usecase> > > <usecase id="userChangeProfile"><role id="edit"/><role > > id="admin"/></usecase> > > <usecase id="userChangePasswordUser"><role id="edit"/></usecase> > > <usecase id="userChangePasswordAdmin"><role > > id="admin"/></usecase> > > <usecase id="userChangeGroups"><role id="admin"/></usecase> > > </usecases> > > ********************************************************* > > > > The user, which belongs to the group "PCA_Bereich1" should now only be > > able to add a user. > > The problem is, that he has full access to the admin-area. He also can > > create/delete groups, change passwords etc. > > This is strange, it sounds like a bug. > Would you mind filing a bug report, preferrably with a ZIP of your > config/ac directory? Maybe there's an open bug already, it would be great > if you could take a quick glance at the existing bug reports. > > Thanks, > Andreas
It's really strange, that this problem isn't described anywhere. Seeming that nobody has ever temped to install an user, who can add other users without having full admin-rights... I will write a bug report as soon as possible Thanks, Daniel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
