I have set a root folder and a sub folder:
rootfolder1
-subfolder1
The permissions are set to user1 to have full access to rootfolder1 and none to subfolder1 with inheritance certainly disabled.
However, if I log on as user1 I have also full access to the subfolder1.
Chris
2/25/2009 8:55 AM
Are you sure that you explicitly added user1 to the access list of subfolder1 and unchecked all permissions?
Otherwise a subfolder will inherit the parent folder's permissions.
Cem Alacayir
3/11/2009 2:43 AM
aha, it works with explicitly adding the denied user.
Thanks for the info.
Is there a special reason for that design?
Compared to the common access design (as in nfts), a user not added to the access list without propagation enabled shall have no access. So your design looks complex with the latent risk of an unattended false configuration: Once a new user is added to the system, it has full access to these folders unless you manually add him to the deny list.
Chris
3/11/2009 3:31 AM
In earlier versions, you could only set the permissions of the root folders and you couldn't set separate permissions for subfolders and they always inherited from parent. So for easier transition to the new feature, we needed to design it like this.
You can think propagation is enabled by default. This is why, you see "Inherit from parent" option is automatically checked when there is no user added to the access list explicitly.
Also it would be good to start with restrictive permissions on the root level. This way, you can give further permissions to users as required when going down the folder tree.
For example,
On root level you can set your group's permission to Traverse only on root level. This will make your root a "noaccess" folder but the traverse permission will allow you to access the subfolders.
You can have a subfolder named "Upload" under the root. You can add some users with Upload permission to this subfolder.
Similarly you can have a subfolder named "FullAccess" and you can add some users with Full permission.
We may improve the permissions system in future versions.
Cem Alacayir
3/11/2009 3:56 AM