Re: [Ganymede Dev] Permissions model......

[Jonathan Abbey <jonabbey@arlut.utexas.edu>]

| Hi JOn,
| Here is the schema representation for my role object...
| 
| <object type="Role" id="New Role">
|       <Name>New Role</Name>
|       <Owned_Object_Bits>
|         <permissions>
|
| ...

Here's the problem.. your 'New Role' doesn't give the Owner of the
Address object any viewing or editing privileges at all.

Edit the Role, click on the 'Edit Owner Objects Bits' button, and use
the treeTable dialog to turn on viewing and editing privileges for the
Address object as a whole, along with whatever fields you want to have
be editable.

|           <Address perm="">
|             <Expiration_Date perm=""/>
|             <TTL perm=""/>
|             <PTR-ID perm=""/>
|             <HostNumber perm=""/>
|             <Notes perm=""/>
|             <A-ID perm=""/>
|             <Mail_Exchanger perm=""/>
|             <Removal_Date perm=""/>
|             <HardWare-ID perm=""/>
|             <SOA-ID perm=""/>
|             <Building perm=""/>
|             <Subnet-ID perm=""/>
|             <Closet_Number perm=""/>
|             <Dynamic perm=""/>
|             <SubDomain perm=""/>
|             <Room_Number perm=""/>
|             <Owner_list perm=""/>
|             <Owner perm=""/>
|             <CName perm=""/>
|             <HostName perm=""/>
|           </Address>
|         </permissions>
|       </Owned_Object_Bits>
|       <Default_Bits>
|         <permissions>
| ...
|           <Start_of_Authority perm="VECD">
|             <Expiration_Date perm="VEC"/>
|             <Class perm="VEC"/>
|             <Refresh perm="VEC"/>
|             <Negative_TTL perm="VEC"/>
|             <TTL perm="VEC"/>
|             <Notes perm="VEC"/>
|             <Domain perm="VEC"/>
|             <Removal_Date perm="VEC"/>
|             <Delegated perm="VEC"/>
|             <NameServer perm="VEC"/>
|             <MailBox perm="VEC"/>
|             <Positive_TTL perm="VEC"/>
|             <Retry perm="VEC"/>
|             <Parent perm="VEC"/>
|             <Serial_Number perm="VEC"/>
|             <Expire perm="VEC"/>
|             <Owner_list perm="VEC"/>
|             <Owner perm="VEC"/>
|           </Start_of_Authority>
|         </permissions>
|       </Default_Bits>
| ...
|     </object>
|     
| Here one of the objects i.e. "STart_Of_Authority" is not loading the 
| object types....within it...otherwise ever other object which i have 
| permission to is fine!!!!!!!!

I don't know what you mean by that, Gaurav.  I do notice that you have
a lot of permissions set in the 'Default Bits' field of your Role for
the 'Start of Authority' object type.  You have things set up so that
any admin who has the 'New Role' Role can edit any 'Start of
Authority' object, regardless of whether or not he owns it, which may
or may not be what you really want.

| Thanks a lot
| Gaurav

-------------------------------------------------------------------------------
Jonathan Abbey 				              jonabbey@arlut.utexas.edu
Applied Research Laboratories                 The University of Texas at Austin
Ganymede, a GPL'ed metadirectory for UNIX     http://www.arlut.utexas.edu/gash2

----------------------------------------------------------------------------
To make changes to your subscription to the Ganymede Dev mailing list, send
mail to majordomo@arlut.utexas.edu.

To unsubcribe, include the line

unsubscribe ganymede-dev

in the body of your mail message

Visit the Ganymede web page at http://www.arlut.utexas.edu/gash2

----------------------------------------------------------------------------