[horde] Cannot add any permission
Chuck Hagenbuch
chuck at horde.org
Tue Jan 16 21:29:02 PST 2007
Quoting Otto Stolz <Otto.Stolz at uni-konstanz.de>:
> E. g.,
> - what does "show" mean? (There is also a "read" permission;
> what is the difference?)
Show is, "Can I see that this thing exists". The most obvious case for
this is calendar free/busy data. Can I see whether someone is busy? is
a different question from, Can I see what they're doing? Show gets you
that they're busy from 5-6; Read gets you that they have a meeting
with a client.
> - Who is the "creator"? (Contrary to my expectations, I had to
> grant all authenticated users read/write access to the personal
> address books (dubbed »localsql«), so apparently no user is
> considerered the creator of his own personal address book.)
The creator is the creator of an individual resource (event, contact, etc.).
> - Apparently, »All Authenticated Users« really means »default
> rights«, i. e. these apply if no individual rights apply to
> a particular session. Is that conjecture correct?
Sort of. It applies to anyone who's logged in, but yes, if someone has
specific rights assigned via group or user permissions, those take
precedence.
> - Apparently, revoking all rights for a user, or a group, will
> remove that user or group entirely from the data tree, effectively
> granting default rights to them. Is that observation correct?
It doesn't "grant" default rights to them, but yes, there is no such
thing as "negative" permissions (deny), so if you take all rights from
a specific user they will therefore be treated as a regular
authenticated user.
-chuck
--
"we are plastered to the windshield of the bus that is time." - Chris
More information about the horde
mailing list