Re: [Bodington-developers] Testing SP : groups-xml-mapper-policy

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

ok, I see now. So it's impossible to translate sysadmin between bods.  
Prolly a good idea anyway.

Atif, any chance you can exempt "sysadmin" from the shibb auth? The  
LDAPAuthenticator does this. It uses local auth for the "sysadmin" user.

Would exempting sysadmin user be ok for 2.8 and maybe think about  
allowing parallel auths for 2.10?

Alistair

On 29 Jun 2006, at 15:17, Matthew Buckett wrote:

> Alistair Young wrote:
>> yep, you're correct. So the sysadmins group has the same rights as
>> the allusers group! What's it for then?
>
> Sysadmin has less rights than allusers. allusers has see and view  
> at /site
>
>> Is it the case that the user "sysadmin" has rights to everything but
>> the sysadmins group is basically meaningless?
>
> Yep.
>
>> Logging in as "sysadmin" lets you see all resources but no-one
>> specifically granted access to the user who logs in as "sysadmin".
>> Being added to the sysadmins group gets you access to nothing that
>> isn't public.
>
> Yep. the sysadmin group is worthless until it is granted some
> permissions to a resource.
>
>> To get sysadmin access to a resource you have to be in that
>> resource's owners group. So is the user who logs in as "sysadmin" a
>> member of every group on the system? Create a new group and
>> "sysadmin" gets added automatically?
>
> No. Sysadmin is only a member of some owners groups and some of the
> special groups by default.
>
> To get sysadmin rights to a resource you have to have the sysadmin
> permission over that resource (sysadmin is automatically inherited  
> even
> if inherit is unchecked).
>
> As an example you *COULD* grant the allusers group sysadmin rights to
> /site and then every user would have sysadmin rights to the whole  
> site.
>
> -- 
>   -- Matthew Buckett, VLE Developer
>   -- Learning Technologies Group, Oxford University Computing Services
>   -- Tel: +44 (0)1865 283660 http://www.oucs.ox.ac.uk/ltg/
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers