WebDAV Rights Management
ACL (Access Control List)
To manage rights on your WebDAV resources, you define ACLs through the WebDAV interface, e.g. with DAVExplorer. An ACL is a list of statements. Each statement defines a relationship between rights and principals (here: users or groups). In our WebDAV context, a group is a synonym for a role.
Example:
ACL-Table
---------------------------------------------
Right  | Principal | Resource  | Value
---------------------------------------------
Right1 | GroupA    | Resource1 | Granted   <-- GroupA is allowed to apply Right1 on Resource1
Right2 | GroupB    | Resource2 | Granted   <-- GroupB is allowed to apply Right2 on Resource2
Right2 | User1     | Resource2 | Denied    <-- User1 is NOT allowed to apply Right2 on Resource2
...    | ...       | ...       | ...
This means that even if User1 is a member of GroupB, he will not be allowed to apply Right2 on Resource2. See Evaluation.
Evaluation
Resources are often file systems, or are at least ordered hierarchically, so the ACL statements are evaluated along a path through the resource hierarchy. Deny statements have priority over all following grant statements.
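The evaluation described above, sketched as an added example (not the WebDAV server's own code). It assumes that statements on a parent collection also apply to its members, that a request with no matching statement is refused, and it reads the deny rule strictly: a matching deny anywhere on the path wins, which covers the "following grants" case and the User1 row of the ACL table. The paths, users and memberships are constructed sample data.

```python
from posixpath import normpath

# Constructed sample ACL: (right, principal, resource path, granted?)
ACL = [
    ("read-object",   "GroupA", "/projects",       True),
    ("read-object",   "GroupB", "/projects/alpha", True),
    ("remove-object", "GroupB", "/projects/alpha", True),
    ("remove-object", "User1",  "/projects/alpha", False),
    ("read-object",   "User2",  "/projects",       False),
]
# Constructed group (role) membership
GROUPS = {"User1": {"GroupB"}, "User2": {"GroupB"}, "User3": {"GroupA"}}


def path_chain(resource):
    """Return the resource and its ancestors, root first."""
    parts = [p for p in normpath(resource).split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]


def evaluate(user, right, resource, acl=ACL, groups=GROUPS):
    """Return (allowed, deciding_statement) for user applying right on resource."""
    # A user matches statements naming the user or any group the user is in.
    principals = {user} | groups.get(user, set())
    grant = None
    for node in path_chain(resource):          # assumption: inherit from parents
        for stmt in acl:
            s_right, s_principal, s_resource, s_granted = stmt
            if s_resource != node or s_right != right or s_principal not in principals:
                continue
            if not s_granted:
                return False, stmt             # deny wins over every grant on the path
            grant = grant or stmt              # remember the first matching grant
    return (grant is not None), grant          # assumption: no match means no access


if __name__ == "__main__":
    for who in ("User1", "User2", "User3"):
        for right in ("read-object", "remove-object"):
            print(who, right, evaluate(who, right, "/projects/alpha/report.txt"))
```

Returning the deciding statement along with the verdict makes it easy to audit why a principal was refused, for example to spot a deny on a parent collection that silently blocks a grant further down.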
Rights
Here is an overview of the available rights:
---------------------------------------------
Basic Right              | Definition
---------------------------------------------
create-revision-content  | add another version of file content
create-revision-metadata | add another version of metadata
create-object            | add new resource
bind-member              | create a new entry linked ("bound") to an existing resource
grant-permission         | define ACL statement
revoke-permission        | delete ACL statement
read-locks               | determine which locks are on a resource
read-own-permission      | display ACL information related to your own principal
lock-object              | lock a resource
modify-revision-content  | modify a version of file content
modify-revision-metadata | modify a version of metadata
read-permissions         | read ACL
read-object              | read content and metadata (of the current version of a resource, if version controlled)
read-revision-content    | read file content also from current and older versions of the resource
read-revision-metadata   | read metadata also from current and older versions of the resource
kill-lock                | release a lock from a resource
remove-revision-content  | remove a version of file content
remove-revision-metadata | remove a version of metadata
remove-object            | remove resource
unbind-member            | unlink an entry from an existing resource
For GSI-specific rights management, see WebDAVAccounts.
-- DennisKlein - 10 Nov 2006, last mod. MichaelDahlinger - 05 May 2010