 |
|
You are here: GSI Wiki>Linux Web>WebDAV>WebDAVRightsManagement (2010-05-05, MichaelDahlinger)Edit Attach
WebDAV Rights Management
ACL (Access Control List)
To manage rights on your WebDAV resources, you define ACLs through the WebDAV interface, e.g. with DAVExplorer. An ACL is a list of statements. Each statement defines a relationship between rights and principals (here: users or groups). In our Webdav context a group is a synonym for role. Example:ACL-Table --------------------------------------------- Right | Principal | Resource | Value --------------------------------------------- Right1 | GroupA | Resource1 | Granted <-- GroupA is allowed to apply Right1 on Resource1 Right2 | GroupB | Resource2 | Granted <-- GroupB is allowed to apply Right2 on Resource2 Right2 | User1 | Resource2 | Denied <-- User1 is NOT allowed to apply Right2 on Resource2 . . . . . . . . . . . .This means, even if User1 is a member of GroupB, he will not be allowed to apply Right2 on Resource2. See Evaluation.
Evaluation
Often the resources are filesystems or at least in hierarchical order. So, the ACL statements are evaluated following a path through the hierarchical structure of the resources. Deny statements have priority over all following grant statements.
Rights
There's an overview over availabe rights:
| Basic Right | Definition |
|---|---|
| read-object | read content and metadata (of the current version of a resource, if version controlled) |
| create-object | add new resource |
| remove-object | remove resource |
| grant-permission | define acl statement |
| revoke-permission | delete acl statement |
| read-permissions | read acl |
| read-own-permission | display acl information related to your own principal |
| lock-object | lock a resource |
| kill-lock | realease a lock from a resource |
| read-locks | determine which locks are on a resource |
| read-revision-metadata | read metadata also from current and older versions of the resource |
| create-revision-metadata | add another version of metadata |
| modify-revision-metadata | modify a version of metadata |
| remove-revision-metadata | remove a version of metadata |
| read-revision-content | read file content also from current and older versions of the resource |
| create-revision-content | add another version of file content |
| modify-revision-content | modify a version of file content |
| remove-revision-content | remove a version of file content |
| bind-member | create a new entry linked ("binded") to an existing resource |
| unbind-member | unlink an entry from an exisiting resource |
| I | Attachment | Action | Size | Date | Who | Comment |
|---|---|---|---|---|---|---|
 png |
rights_slide.png | manage | 229 K | 2006-11-03 - 17:30 | DennisKlein | overview: rights |
| png |
rights_slide_aclevaluation.png | manage | 57 K | 2006-11-03 - 18:02 | DennisKlein | full inheritated acl evaluation workflow |
| png |
rights_slide_legend.png | manage | 38 K | 2006-11-03 - 17:32 | DennisKlein | legend to overview |
Edit | Attach | Print version | History: r6 < r5 < r4 < r3 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r6 - 2010-05-05, MichaelDahlinger
- This page was cached on 2024-11-21 - 20:33.
- User Reference
- BeginnersStartHere
- EditingShorthand
- Macros
- MacrosQuickReference
- FormattedSearch
- QuerySearch
- DocumentGraphics
- SkinBrowser
- InstalledPlugins
- Admin Maintenance
- Reference Manual
- AdminToolsCategory
- InterWikis
- ManagingWebs
- SiteTools
- DefaultPreferences
- WebPreferences
- Categories
Aikido
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding GSI Wiki? Send feedback | Legal notice | Privacy Policy (german)