Access Control Lists on Files copied in via Web Folders
I've created a folder in the XML DB repository, FTPed an ACL into the repository and assigned the ACL to the folder - something like:
...
status := dbms_xdb.CreateFolder('/my_folder');
dbms_xdb.setAcl('/my_folder','/sys/acls/my_list_acl.xml');
The ACL list looks like this:
<acl description="Protected:All privileges to OWNER and PAUL" xmlns="http://xmlns.oracle.com/xdb/acl.xsd" xmlns:dav="DAV:" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/xdb/acl.xsd http://xmlns.oracle.com/xdb/acl.xsd">
  <ace>
    <principal>dav:owner</principal>
    <grant>true</grant>
    <privilege>
      <all/>
    </privilege>
  </ace>
  <ace>
    <principal>PAUL</principal>
    <grant>true</grant>
    <privilege>
      <all/>
    </privilege>
  </ace>
  <ace>
    <principal>PUBLIC</principal>
    <grant>true</grant>
    <privilege>
      <dav:read />
    </privilege>
  </ace>
</acl>
If I connect via web folders as PAUL and copy a Word doc into the repository, I can edit it fine. If I then connect as AN_OTHER, I can still edit the Word doc. I expected the ACL list to stop this as AN_OTHER would be classed under PUBLIC. Is this not the case? Is the above ACL wrong or is something else happening?
Cheers,
Paul.
Access Control Lists on Files copied in via Web Folders
SELECT DBMS_XDB.getPrivileges('/my_folder').getClobVal() FROM DUAL;
If the result shows AN_OTHER only has read privileges yet he can update the repository, then there may be a configuration issue. WebDAV support is built on top of the XML functionality that this article covers. For additional help in this area, I suggest you visit the OTN XMLDB Forum at http://forums.oracle.com/forums/forum.jspa?forumID=34.
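The comparison suggested in the reply needs a baseline: what the posted ACL grants each user when read by itself. The following is an added example, not part of the original thread and not Oracle code. It assumes a simplified evaluation model (every user is a member of PUBLIC, the first matching ACE that names a privilege decides it, and only <all/> is expanded as an aggregate), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

XDB = "{http://xmlns.oracle.com/xdb/acl.xsd}"
DAV = "{DAV:}"

# ACL from the post, reproduced inline (schemaLocation attribute omitted).
ACL_XML = """<acl description="Protected:All privileges to OWNER and PAUL"
     xmlns="http://xmlns.oracle.com/xdb/acl.xsd" xmlns:dav="DAV:">
  <ace><principal>dav:owner</principal><grant>true</grant>
       <privilege><all/></privilege></ace>
  <ace><principal>PAUL</principal><grant>true</grant>
       <privilege><all/></privilege></ace>
  <ace><principal>PUBLIC</principal><grant>true</grant>
       <privilege><dav:read/></privilege></ace>
</acl>"""

def qname(tag):
    """Turn '{ns}local' into 'all' or 'dav:read' style names."""
    return "dav:" + tag[len(DAV):] if tag.startswith(DAV) else tag.split("}")[-1]

def is_allowed(acl_xml, user, privilege, owner=None):
    """Return True if `user` gets `privilege` from the ACL text alone.
    Assumed model (a simplification, not Oracle's evaluator): every user is
    in PUBLIC, dav:owner matches the resource owner, ACEs are read in order
    and the first one naming the privilege (or <all/>) decides."""
    identities = {"PUBLIC", user.upper()}
    if owner and owner.upper() == user.upper():
        identities.add("dav:owner")
    for ace in ET.fromstring(acl_xml).iter(XDB + "ace"):
        principal = ace.findtext(XDB + "principal", "").strip()
        if principal not in identities and principal.upper() not in identities:
            continue  # ACE is for someone else
        priv = ace.find(XDB + "privilege")
        named = {qname(p.tag) for p in priv} if priv is not None else set()
        if privilege in named or "all" in named:
            return ace.findtext(XDB + "grant", "").strip().lower() == "true"
    return False  # no ACE matched: no access

def report(acl_xml, users, privileges, owner=None):
    """Map each user to the subset of `privileges` the ACL grants them."""
    return {u: [p for p in privileges if is_allowed(acl_xml, u, p, owner)]
            for u in users}

if __name__ == "__main__":
    for user, privs in report(ACL_XML, ["PAUL", "AN_OTHER"],
                              ["dav:read", "dav:write"], owner="PAUL").items():
        print(user, privs)
```

Under this model the ACL gives AN_OTHER only dav:read, which is the result to compare against when the getPrivileges query is run in a session connected as AN_OTHER.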