[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Controlling access based on group membership

On 24/2/2012 4:56 ÎÎ, Nick Milas wrote:

I have tried to make it more precise. So, assuming the schema is as follows (OIDs are hypothetical), can someone comment on the following (modified accordingly) access list?

 access to <some entries> <some attributes>
       by set="this/writeAccessEntities/member* & user" write
       by set="this/readAccessEntities/member* & user" read
by set="this/searchAccessEntities/member* & user" search

I tested this (the write and read parts) and it works as expected.

The administrator just has to pay attention to also provide at least read access to "children,entry" attributes for the associated groups.