User in multiple groups: are permissions combined? #6497
Replies: 2 comments
-
A deny rule will always override the allow rule in this scenario, by design. A quick solution would be to simply remove user2 from the global group and grant write to all paths to group tech. Its not pretty, but it should work. Or you could use a different path matching, as "path starts with" has the lowest priority. See here: |
Beta Was this translation helpful? Give feedback.
-
Thanks for the hint about the path matching priorities: effectively, using a simple path regexp match on the group tech allow rule (referring to my original example) did the trick. I'd rather do this than having to maintain manually a list of allowed, more precise path for the group. |
Beta Was this translation helpful? Give feedback.
-
Hi all, I'd like to achieve a permissions setup where all the wiki users belonging to a general group have read/write access to all content, except for some paths where only a more specialized group has exclusive write access.
I have configured a situation like:
group all: user1, user2, user3
read: / granted
write: / granted ; path starts with /some/path/ denied
group tech: user2
read, write: path starts with /some/path/ granted
However, user2 and any other user in the group tech are not able to edit the pages below /some/path.
Is that by design or am I doing something wrong? How could I achieve this kind of permission control otherwise?
Thanks
Beta Was this translation helpful? Give feedback.
All reactions