[Moin-user] + and - in ACLs

Michael P. Soulier michael_soulier at mitel.com
Fri Oct 29 10:05:06 EDT 2004


On 29/10/04 Thomas Waldmann did say:

> Maybe refactor this and add it to MoinMaster:HelpOnAccessControlLists - 
> thanks. :)

I'll do that. ;-)

> ACLs are processed "before" then "page/default" then "after".
> Within those, "left to right".
> 
> So it begins at left of "before" with AdminGroup:... - this matches if 
> you are a member of admin group.
> If it matches, you get the rights (arwdr) and ACL processing STOPS.
> 
> If it does not match, ACL processing continues with +TrustedGroup:admin 
> - this matches if you are a member of TrustedGroup.
> 
> If it matches, you get the rights (a) and - now the difference to above 
> case - ACL processing CONTINUES! So if there is another match for that 
> group or your user or Known: or All: you will get those rights, too.
> 
> If it does not match, ACL processing continues - with the page ACLs (if 
> there are any) or with default ACLs (if there are no pages ACLs) and 
> finally with the "after" ACLs.

Aha. So a - means that you lose the right on a match, and processing
continues. Is that right?

Thanks,
Mike

-- 
Michael P. Soulier <michael_soulier at mitel.com>, 613-592-2122 x2522
6000/6010/60* Development, Mitel Corporation
"...the word HACK is used as a verb to indicate a massive amount of nerd-like
effort." -Harley Hahn, A Student's Guide to Unix




More information about the Moin-user mailing list