[pmwiki-users] authuser password denial
Neil Herber
nospam at eton.ca
Tue Apr 18 13:47:05 CDT 2006
At 2006-04-18 09:46 AM -0500, Patrick R. Michaud is rumored to have said:
>I know that denials *do* work if specified as a password,
>thus setting a password to "id:*,-Fred" or "@groupx id:-Fred"
>will authorize anyone but Fred. But I'm not sure if it
>works in the @group syntax in Site.AuthUser -- I might have
>to look at it more closely to be sure.
I take it from this that to deny Fred access to Groupx, I need to set
the Groupx.GroupAttributes read password
to "id:*,-Fred" or "@groupx id:-Fred". And for the second one to
work SiteAuthUser needs to have "@Groupx: *" set.
That is probably a workable solution in my current state, since the
number denied is smallest. It would be useful to have it work on the
Site.AuthUser page, because then I can see all of the permissions at
a glance and don't get stung by hidden attributes.
Neil Herber
Corporate info at http://www.eton.ca/
More information about the pmwiki-users
mailing list