[DG: User / Using Sakai] Permissions and !site.user

[Daniel Merino]

Thanks for your answer, John. I can understand now how it works.

But I think it's strange that the rest of the user type's site.* 
permissions can override the local site.* permissions (at least in our 
installation, maybe we did something wrong?). For example, if you give 
the site.upd.site.mbrshp to the .auth role of the !user.type.guest 
realm, any guest user can add or delete users in every site he is member 
of, regardless he is access, maintain, etc. I think that the local 
permissions should have priority here.

Regards.

John Leasia escribió:
> Daniel,
> the !user.template.<type> realms pretty much just control the user's 
> ability to create sites or not - whether they have the 'new' action 
> showing up in their My Workspace> Worksite Setup toolbar. In that 
> realm, just the site.add permission for the .auth role is checked or 
> unchecked to control that ability.
>
> When a user logs in the first time and their My Workspace is created, 
> they get a site that is copied from a site with id of 
> !site.<useraccounttype>. That way you can give users of different 
> types different sets of tools. The realms (permission sets) for the 
> user's My Workspace come from the !site.user realm.  Generally a user 
> will be maintain role in their own My Workspace, and have full 
> permissions on tools there.
>
> There is some info on this in presentations made about configuring 
> Sakai from past Sakai conferences - for example,
> http://bugs.sakaiproject.org/confluence/download/attachments/7471222/Configuring_Sakai_Newport.pdf
>
> John
>
>
> Daniel Merino wrote:
>> Hi all. We have a doubt about permissions.
>>
>> We have created the roles !user.template.registered and 
>> !user.template.guest, so we can differ between official users and 
>> external users. We though that these permissions affect only to the "My 
>> Workspace" site of every user, because every course or project has their 
>> own roles maintain and access, regardless of the user type.
>>
>> However, when the users log in, the My Workspace site inherits the realm 
>> !site.user, and this realm has the maintain and access roles, so the 
>> global user type permissions (guest or registered) are crashing against 
>> the My Workspace permissions (access or maintain). And we don't know how 
>> the permissions work in this situation.
>>
>> In the sakai_permissions.doc, there is written only a short description 
>> of the !user.site realm. Does anybody know where could we learn more 
>> about the permissions behaviour when there are crashes between roles?
>>
>> Thanks in advance.
>>   

-- 
Daniel Merino
daniel.merino at unavarra.es
Gestor de teleformación - Centro Superior de Innovación Educativa.
Tfno: 948-168489 - Universidad Pública de Navarra.
--
El secreto del éxito es la honestidad. Si puedes evitarla, está hecho. 
(Groucho Marx)