Support » Plugin: User Access Manager » Inheritance of category rights and the conflicts with groups direct belonging

  • Hi,

    This is an UAM (last version) problem which, for now, regarding the organisation of the rights and determination of logical priorities, I have not been able to fully solve til now.

    I have defined categories with several branches of meanings, I give the mains ones :

    • The subject(s) of an article.
    • The type of article (short – < 1000 words, basic article <5000 words, books – no limit)
    • Detailed status for management of the article life (regular, need changes, obsolete etc…(these categories are hidden for others than author, reviewer, moderator…

    The UAM-groups are mainly used to group rights, some examples are:

    • main access to level of subscribers
    • access reserved with reading rights to author, publisher, reviewer, moderator
    • obsolete documents : writing access reserved to admin and author
    • obsolete documents which cannot be seen by the visitors or subscribers but can be read, as content old source, by author, moderator, reviewer, editor etc.

    I don’t fully know how are managed the rights priorities between groups and inheritance of right from categories (it is the complex problem of “or and and” with rights (allow) and their negation (not allow). This is not described into documentation and if there are simple cases there are too some complex ones even the role of UAM is to simplify for right definitions for each article but not necessarily for structure of rights and UAM groups designer.

    My example problem is that an article which has several categories for subject classification but which is obsolete (normally should not be visible by visitor or subscribers) inherits of the rights to be viewed by the inheritance of the subjects categories (the categories). Then the that the articles doesn’t belong to a group with an unhallowed visibility for visitor or subscriber are overlapped by those of the category.

    Do you have elements about this ?

    Best regards

    Trebly

Viewing 1 replies (of 1 total)
  • Hi,

    I am waiting for an answer. Alex, do I speak completely alone into a desert ?

    I can confirm another case of the problem of the inheritance from categories (again the “and” or “or”) :

    1. I have created a category which must not be seen by anybody else than author
    2. I have created several articles which are attached to this category
    3. These articles have no UAM-groups which are not inherited from the categories
    4. The UAM-groups inherited are “author” and “reviewer” but these articles are visible by visitors (not subscribed). This is a true anomaly

    This confirm that a “or” is performed : Because the articles are not directly attached to a defined UAM-group (direct check list) but only indirectly attached to inherited groups the limitations inherited form category UAM-groups are ignored.

    Consequence :

    1. it is impossible to restrict visibility of articles attached to a particular category with limited access rights
    2. it is only possible to add access rights inherited from category
    3. restrict the access to article using UAM become quite impossible if category groups are defined : if an article is attached to a category which is visible by anybody the article will be visible by anybody…

    I think that a “and” must be assumed between inherited rights from categories UAM-groups and UAM groups defined directly for an article.

    Do you agree ?

    • If yes I must organize in one way to manage the rights (find a temporarily solution)
    • If not, this is a problem of understanding about what I mean, because I am sure that I am right. But I need to wait may be a long time to get a software solution, then I need to forget the use of the category UAM-groups of the categories (Use a more complex way for managing the rights).

    Best regards,

    Trebly

Viewing 1 replies (of 1 total)
  • The topic ‘Inheritance of category rights and the conflicts with groups direct belonging’ is closed to new replies.