[mapguide-internals] MapGuide Security model
Kenneth Skovhede, GEOGRAF A/S
ks at geograf.dk
Thu Sep 11 08:55:30 EDT 2008
I have been working a little with the MapGuide Security settings, and
one thing bothers me greatly.
If I create a new folder, and grant a specific user read/write access,
the user does not get read/write access,
unless the user has read/write access to ALL folders in the path,
including the root folder.
This is both annoying, and very hard to maintain. To prevent that user
from writing into other folders,
I have to explicitly deny the user access (or grant readonly acces) to
every other folder in the root, and
all folders in the newly created folders path.
Even with this elaborate work, it is still possible for the user to
create folders and files in the root folder.
If I decide to add a new folder, and it happens to be in the path of a
folder with write access, I have
to remember to deny the user. Clearly this is going to go wrong many times.
Is this the intention, and was there a problem implementing something else?
Are there any tricks for using security settings?
A visual example of how it currently works:
Library:// <-- User A has RW, user B has RO (assigned)
Folder1 <-- No matter what I assign here, user B can get no more
than RO access
Folder2 <-- User A has RW here and above
Folder3 <-- I must explicitly deny write access to user A here, and
to any folders on this level
What I would expect:
Library:// <-- Deny access to everyone
Folder1 <-- Assign RW to user B, Assign RO to user A
Folder2 <-- User B has RW here, can also assign user A RW
Folder3 <-- Access is denied to everyone
Regards, Kenneth Skovhede, GEOGRAF A/S
More information about the mapguide-internals