`
xiaohlang
  • 浏览: 91070 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

opencms的用户组和用户系统

阅读更多


http://opencms-wiki.org/How_OpenCms_Permissions_work

How Permissions work
OpenCms Access Control Lists are different from most other Access Control Lists (ACLs). Unlike most ACLs, OpenCms uses a 3 stage active denial ACL. This means there are three states for any given permission level:

Allow – yes, you have access
No Permission - Nothing checked (no allow, no deny) – this is a default deny, what we would normally think of as deny. A “soft” deny, by virtue of not specifically being allowed.
Deny – this is the “hard” deny – it forces itself over all other permissions at all lower levels of the tree, so that even if you go into a subfolder and check “Allow” specifically, Deny will over-rule it.
So what this means is you don’t want a “hard deny” high up in the file tree if you need to over-ride it elsewhere. Instead, you want the “soft deny”, or just no permission.

One thing about OpenCms is that by default, the User group has write permission. In order to change this, you must go up to the site level, (/sites), select your website folder (in this case /sites/yoursite), manually add in the Users group, and set the permission you want. Then you select “Overwrite Inherited” and “Inherit on Subfolders” so that the permissions you chose are the ones inherited throughout the site.

OpenCms also follows the most restrictive rules for a give user. So, even if a person is an Administrator, of they are also a User, and a User has been blocked from publishing, then that person can’t publish, even though they are an Administrator! The solution is that Administrators should not belong to any other groups.

[edit] Default Groups
Guest – view live content only
Webuser – has a login, but can’t get to the workspace. Used for storing member data and personalization
The WebUser user has been removed in opencms 7.0.5
Users – can login to the workspace, and view the Offline (editing) project, as well as the online (live) project. Usually they have the permission to read, write, view, and control (properties of the file).
Projectmanagers – can do everything the user can, but can also publish files from the Offline project to the Online (live) project
Administrators – “god”
With respect to rights to individual resource types, only the Administrators group (and those which have it as parent) are able to create and edit JSP pages.

[edit] Basic Permissions
You can select any combination of the following permissions, but remember the MOST restrictive permissions always override, if a person is in more than one group with different permissions set.

(These definitions are from the source code)

READ (r) the right to read the contents of a resource
WRITE (w) the right to write the contents of a resource
VIEW (v) the right to see a resource in listings (workplace)
CONTROL (c) the right to set permissions of a resource
DIRECT_PUBLISH (d) the right direct publish a resource even without publish project permissions
[edit] Exceptions
Michael Moossen from Alkacon wrote on the OpenCms Mailinglist on June 5th 2008:

... this is not a bug, it is the intended behavior. administrators are allowed to do everything, and all permission checks are ignored. this is important also to have in mind, when testing a new feature/configuration...

[edit] Additional Information
Michael Moossen from Alkacon on the OpenCms Mailinglist on December 7th 2009:

...
> Is there some kind of double usage of the +c / -c flag?
Yes, it means (almost) always control as in the docs, except in the explorer types where 'c' means create and not control,
as just explained.
...
分享到:
评论

相关推荐

    OpenCMS内容管理系统入门教程

    - OpenCMS提供了默认的用户和用户组配置。 - 用户可以根据需要进行调整。 - **用户与用户组创建**: - 创建新的用户和用户组,以便更好地分配权限。 - **权限配置**: - 配置不同用户的访问权限,保障信息安全。...

    OpenCms中文用户手册

    6. **工作流与权限**:解释OpenCms中的工作流概念,如何设置审批流程,以及用户和组的权限管理,确保内容的安全和合规性。 7. **模块与扩展**:讨论OpenCms的模块化结构,如何安装和卸载第三方模块,以及自定义开发...

    opencms中文用户手册.rar

    3. **权限管理**:系统提供用户、组和角色的概念,以实现权限控制。用户手册将指导如何分配不同的访问和操作权限,确保内容的安全性和合规性。 4. **资源管理**:OpenCms支持对各种资源(如文本、图像、文档)的...

    朗华opencms ofbiz 结合包

    通过这个结合包,用户可以在OpenCMS中编辑和发布内容,同时利用OFBiz的强大功能处理复杂的业务逻辑和数据管理。 该结合包可能包含以下关键组件和集成点: 1. **接口集成**:实现OpenCMS与OFBiz之间的数据交换,...

    openCMS 使用手册

    5. **权限分配**:为不同用户或用户组分配相应的操作权限,确保数据安全。 6. **插件安装**:从openCMS市场或其他来源获取插件,按照指示进行安装和配置。 总的来说,《openCMS使用手册》是学习和掌握这款开源内容...

    opencms Comments

    此外,可能还支持多种身份验证机制,如基于OpenCMS用户的内置认证或第三方服务(如Google、Facebook)的社交登录,以简化评论过程。 总的来说,OpenCMS Comments模块通过提供强大的评论管理功能,增强了OpenCMS的...

    opencms中文翻译

    - **工作流程**:版本控制系统和工作流模块得到了增强,支持内容审核和多步骤发布,确保了内容质量。 - **资源管理**:资源库管理功能得到优化,支持多媒体文件的上传、预览和管理,便于组织和查找资源。 - **...

    OpenCms中文指南

    - **定义**: 内容管理系统(Content Management System, CMS)是一种用于管理和维护网站内容的软件系统。 - **特点**: - 简化内容编辑流程。 - 支持多用户协作。 - 提供模板化设计,便于非技术人员操作。 ##### ...

    opencms文档

    通过这份手册,我们可以掌握如何创建和编辑网页、管理用户和组、设置权限策略,以及如何利用OpenCms的内置功能如媒体库、模板编辑器等来构建动态网站。 最后,"源码网.url"是一个链接,可能指向一个社区或者资源库...

    opencms8_5.0

    OpenCms 8.5.0 是一款开源的内容管理系统(CMS),主要用于构建和管理网站内容。该版本发布于2012年9月21日,由 Alkacon Software GmbH 公司开发和支持。 #### 二、JSP基础知识 ##### 2.1.1 JSP特点 JSP(Java ...

    OpenCms7.0 RC 1_千寻汉化包v2.1.2完全版(包括OpenCms7介绍与汉化包使用说明)

    5. **权限系统**:用户和用户组可以被赋予不同级别的访问权限,控制他们对内容和系统的操作。 6. **多语言支持**:OpenCms支持多语言站点,对于国际化的网站运营非常重要。 7. **集成开发环境**:它提供了一套开发...

    OpenCms 8.5.1 文档

    OpenCms还提供了本地化小工具(Localization widget)、颜色选择器小工具(Color picker widget)、日期选择器小工具(Date picker widget)、类别小工具(Category widget)、用户组小工具(Group widget)、多用户组小工具...

    OpenCMS-LDAP module-开源

    4. **权限映射**:可能有代码或配置文件用于将 LDAP 中的用户组和角色映射到 OpenCMS 的权限结构。 为了成功安装和使用 OpenCMS-LDAP 模块,你需要了解 OpenCMS 的插件系统,理解 LDAP 的基本概念,以及如何配置 ...

    Opencms文档

    OpenCms是一款专业的开源内容管理系统(CMS),它可以帮助用户在网站上发布和管理内容。OpenCms提供了一个完整的文档,其中包括说明书、教程和丰富的API参考,让用户可以更深入地了解和使用该系统。 ### OpenCms...

Global site tag (gtag.js) - Google Analytics