[mapguide-internals] MapGuide Security model

Kenneth Skovhede, GEOGRAF A/S ks at geograf.dk
Thu Sep 11 08:55:30 EDT 2008

I have been working a little with the MapGuide Security settings, and 
one thing bothers me greatly.
If I create a new folder, and grant a specific user read/write access, 
the user does not get read/write access,
unless the user has read/write access to ALL folders in the path, 
including the root folder.

This is both annoying, and very hard to maintain. To prevent that user 
from writing into other folders,
I have to explicitly deny the user access (or grant readonly acces) to 
every other folder in the root, and
all folders in the newly created folders path.

Even with this elaborate work, it is still possible for the user to 
create folders and files in the root folder.
If I decide to add a new folder, and it happens to be in the path of a 
folder with write access, I have
to remember to deny the user. Clearly this is going to go wrong many times.

Is this the intention, and was there a problem implementing something else?
Are there any tricks for using security settings?

A visual example of how it currently works:

Library://  <-- User A has RW, user B has RO (assigned)
    Folder1 <-- No matter what I assign here, user B can get no more 
than RO access
       Folder2 <-- User A has RW here and above
    Folder3 <-- I must explicitly deny write access to user A here, and 
to any folders on this level

What I would expect:

Library:// <-- Deny access to everyone
    Folder1 <-- Assign RW to user B, Assign RO to user A
       Folder2 <-- User B has RW here, can also assign user A RW
    Folder3 <-- Access is denied to everyone

Regards, Kenneth Skovhede, GEOGRAF A/S

More information about the mapguide-internals mailing list