[Moin-user] + and - in ACLs
Michael P. Soulier
michael_soulier at mitel.com
Fri Oct 29 10:05:06 EDT 2004
On 29/10/04 Thomas Waldmann did say:
> Maybe refactor this and add it to MoinMaster:HelpOnAccessControlLists -
> thanks. :)
I'll do that. ;-)
> ACLs are processed "before" then "page/default" then "after".
> Within those, "left to right".
> So it begins at left of "before" with AdminGroup:... - this matches if
> you are a member of admin group.
> If it matches, you get the rights (arwdr) and ACL processing STOPS.
> If it does not match, ACL processing continues with +TrustedGroup:admin
> - this matches if you are a member of TrustedGroup.
> If it matches, you get the rights (a) and - now the difference to above
> case - ACL processing CONTINUES! So if there is another match for that
> group or your user or Known: or All: you will get those rights, too.
> If it does not match, ACL processing continues - with the page ACLs (if
> there are any) or with default ACLs (if there are no pages ACLs) and
> finally with the "after" ACLs.
Aha. So a - means that you lose the right on a match, and processing
continues. Is that right?
Michael P. Soulier <michael_soulier at mitel.com>, 613-592-2122 x2522
6000/6010/60* Development, Mitel Corporation
"...the word HACK is used as a verb to indicate a massive amount of nerd-like
effort." -Harley Hahn, A Student's Guide to Unix
More information about the Moin-user