[4suite-dev] ACL set vs add

Mike.Olson molson at fourthought.com
Thu Nov 21 13:55:03 MST 2002 

On Thu, 21 Nov 2002, Mike Brown wrote:

> This is completely unintuitive. Currently there seems to be
> no difference between using set and add. The Quick Start doc
> appendix B says

Sure there is.  Here is a chain of events:

1)  create a new resource.  None of its ACL options are set on creation so
they are all inherited from its parent.  So:

  foo  write --> super-users
  foo/new.xml  write-->super-users

  The key point is that new.xml currently has no information about who can
write to it, it is all contained in the container foo.

2)  Then, you set (or add in this case because it has zero entries in
its write ACL table) the ACL on it to "uo"
  This now adds the information to new.xml about who can write to it so it
is no longer inhertied from foo.

  foo write --> super-users
  foo/new.xml  write --> uo

3)  Now, add another "mo" to new.xml

   foo/new.xml write --> uo.mo

4)  Now set the acl to mb

   foo/new.xml write --> mb

5)  Remove mb from the ACL  This causes it to get inherited again.

   foo/new.xml write --> super-users



Does this make more sense?

It gets even more confusiong if foo has multiple entries in its write ACL

  foo write --> mo,mb,uo
  foo/new.xml --> write mo,mb,uo

Then if you add an ACL item to new.xml you actually shorten the list

   foo/new.xml write --> so

Mike

>
>   set - to completely replace existing specific ACL permission with
>         a new set you specify
>
>   For example, if you wanted to set permission of Write ACL to "uo",
>   then type "s".
>
>   Enter the type of access as write and the username to set as "uo".
>
>   The others super-users and owners (that you can see above) will be
>   replaced by "uo".
>
>   Then only "uo" will have permission to write to that container,
>   in this case /home/uo.
>
>
>   add - to add additional users to a specific ACL permissions list
>
>   For example, if you wanted to add user "uo" to the Write ACL,
>   then type "a" and enter the type of access as write and the
>   username to set as "uo". "uo" will be added to the existing list
>   of users.
>
>
> If you follow the directions, you get the exact same results for
> both set and add:
>
>   Write ACL
>     uo --> allowed
>
> My impression is that the results for 'add' should be different, but
> your note above makes it sound like the display doesn't reflect the
> real ACL, or maybe it does and this is the expected behavior.. or something.
>
> Help.
> _______________________________________________
> 4suite-dev mailing list
> 4suite-dev at lists.fourthought.com
> http://lists.fourthought.com/mailman/listinfo/4suite-dev
>

More information about the 4suite-dev mailing list