[CDO] Security Model, I dont want that user can see all directories [message #1776313] |
Wed, 15 November 2017 09:12  |
|
Hi,
When I create a User:Bob, he can see all directories of the repository.
I would like that a Bob see only model inside a specific directory for example /home/commonproject.
So I have createed a resource fiter with the sepcific path in write
WIRTE==/home/commonproject
Result Bob can see write in the directory common project but can read other directory in the repository /home/alice (but not its content). Is it normal?
How can I do to see only my specificy directory only /home/commonproject ?
More over I would like also to have the permisssion to write only specific object inside models of /home/commonproject. How can I write in security model?
|
|
|
Re: [CDO] Security Model, I dont want that user can see all directories [message #1776340 is a reply to message #1776313] |
Wed, 15 November 2017 13:18  |
|
Hi, Patrick,
According to the CDO Wiki, you should be able to define READ permission filters as well as WRITE permission. So, perhaps your user role could have a READ filter that matches only /home/commonproject? This should looks something like the "Home Folder /home" role example in the wiki.
In order to access the commonproject/ subfolder of home/, it is of course necessary to be able to traverse the home/ folder, itself. So, that means being able to read it. As in a UNIX-like filesystem, that would imply knowing its contents but not being able to read them. I expect that this is normal in CDO, also. But my knowledge of the security model is fuzzy and several years old; perhaps Eike knows of any changes since 2013.
HTH,
Christian
|
|
|
Powered by
FUDForum. Page generated in 0.02073 seconds