[Date Prev][Date Next]
Re: More granular privileges in ACLs (Was: (ITS#3625) [enhancement] per-operation ACLs)
I not sure it makes sense to regard "add" and "delete" as
separate levels from "write", nor can I (if the levels
are added) how to order "add" and "delete"... seems there
are reasonable arguments that add>delete and delete>add
Maybe we just need to split the "w"rite permission into "a"
(add) and "z" (delete), where =w is equivalent to =az,
but not add levels for add and delete?
BTW, is this mainly aimed at entry add/delete controls?
or attribute add/delete controls?
At 08:28 AM 4/4/2005, Pierangelo Masarati wrote:
>I've also prepared an implementation of the granular write permissions (ITS#3631). It's only for bdb/hdb at the moment. If it looks fine, I can easily extend it to all backend types. After this, I might try to work at extending the disclose feature to all operations and to other backend types (but no promises at the moment ;).
> SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497