Database Reference
• We could create a new group called editorsAndBobSmith, add all the existing
members of editors to the new group, add Bob Smith to the group, and then
change the group applied to the medical-neuroscience collection from editors to
editorsAndBobSmith.
We have not caused any security issues here, but this seems like quite a lot of
work and is quite messy! Not to mention, we would have to undo these changes
when the original content editor returned.
• As Bob Smith is an exception to the rule encoded in the permissions of the
collection, we could add an ACE to the ACL for the medical-neuroscience collection
that allows Bob Smith access to that collection.
This is most likely the simplest approach, and arguably the easiest to manage
over time.
Let's see how the configuration for the Medical Neuroscience Journal might look if we
solved this problem using an ACL:
Collection: /db/journals/review/medical-neuroscience

ACL
         Target type   ID         Access type   Mode
ACE:0    USER          bobsmith   ALLOWED       rwx

Unix-style permissions
Owner    Group     Mode
admin    editors   rwxrwx---

When Bob Smith tries to access the medical-neuroscience collection, eXist checks the
collection's ACL, iterating through each ACE in turn until it finds one that matches
Bob Smith. In this case the first ACE matches the user bobsmith and allows Bob
Smith access to the collection with the mode rwx, allowing Bob to go about his
temporary job.
When one of the other existing editors tries to access the medical-neuroscience
collection, eXist still has to check the collection's ACL. After iterating through each ACE
in turn, it has not found one that matches the editor by user account or group, and so
it falls through to the Unix-style permissions and finds the editor in the editors
group, allowing her access with the mode rwx.
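
The evaluation order described above, as a small Python model added here for illustration (it is not eXist's own code). It assumes that the first matching ACE decides the outcome, as the text describes; the users alice and carol and the groups reviewers and guest are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass
class Ace:
    target_type: str   # "USER" or "GROUP"
    target_id: str
    access_type: str   # "ALLOWED" or "DENIED"
    mode: str          # three-character mode, e.g. "rwx" or "r--"

@dataclass
class Resource:
    owner: str
    group: str
    mode: str          # nine-character Unix-style mode, e.g. "rwxrwx---"
    acl: list = field(default_factory=list)

def grants(mode3, requested):
    """True if every requested bit ('r', 'w', 'x') is present in a 3-char mode."""
    return all(bit in mode3 for bit in requested)

def check_access(res, user, groups, requested):
    """Return (decision, source) following the order described in the text."""
    # 1. Walk the ACL in order; the first ACE that matches the user or one of
    #    the user's groups decides the outcome (assumption of this model).
    for index, ace in enumerate(res.acl):
        matches = ((ace.target_type == "USER" and ace.target_id == user) or
                   (ace.target_type == "GROUP" and ace.target_id in groups))
        if matches:
            allowed = ace.access_type == "ALLOWED" and grants(ace.mode, requested)
            return allowed, f"ACE:{index}"
    # 2. No ACE matched: fall through to the Unix-style owner, group, other check.
    if user == res.owner:
        return grants(res.mode[0:3], requested), "unix:owner"
    if res.group in groups:
        return grants(res.mode[3:6], requested), "unix:group"
    return grants(res.mode[6:9], requested), "unix:other"

# The collection from the text: admin/editors rwxrwx--- plus ACE:0 for bobsmith.
neuro = Resource(owner="admin", group="editors", mode="rwxrwx---",
                 acl=[Ace("USER", "bobsmith", "ALLOWED", "rwx")])

if __name__ == "__main__":
    # Constructed users: bobsmith is outside editors, alice is an editor, carol is neither.
    for user, groups in [("bobsmith", {"reviewers"}), ("alice", {"editors"}),
                         ("carol", {"guest"})]:
        print(user, check_access(neuro, user, groups, "rwx"))
```

The second element of each result shows which rule decided the request, which makes it easy to confirm that removing ACE:0 when the original editor returns takes Bob Smith back to the "other" bits of the Unix-style mode.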
 