Dieter Maurer wrote:
bruno modulix wrote at 2005-9-28 10:02 +0200:
Dieter Maurer wrote: ...
Sounds like a permission to role mapping flaw...
Apparently, roles controlled by the "Portal" UserFolder (e.g. "Authenticated") are allowed to do things in your CPM that you only be allowed by roles controlled by their UserFolder.
You may be able to fix this by making the roles controlled by the "Portal" and the "CPM" level disjoint.
"Authenticated" cannot be made disjoint -- but you may not use it inside your CPMs.
The problem here is that CPS (the portal and all CPMs are CPS instances) uses predefined roles, on which the various workflows relies, so that would mean renaming all roles - differently - on each CPM, and modifying the workflows too.
I think that is would only be necessary that the roles are disjoint between "Portal" and "CPM". All "CPM"s can use the same roles.
Nope. Some users may have different roles from CPM to CPM.
Given that the customer is going to create new CPMs "at will", I'm afraid this solution is somewhat unpractical...
Maybe, this changes when you need to touch only the "Portal" roles?
I don't want to mess with CPS predifined roles. But thanks anyway. -- Bruno Desthuilliers Développeur bruno@modulix.org