Database Reference
In-Depth Information
through to the Unix-style permissions, which allow those in the
editors
group
read and execute access to the collection. As Jason is still an editor, he is allowed
access.
When one of the other existing editors tries to access the
nanotechnology
collection,
eXist still has to check the collection's ACL. If, after iterating through each ACE in
turn it has not found one that matches the editor by user account or group (which it
won't, unless he is Jason Green), so it falls through to the Unix-style permissions and
find the editor in the
editors
group, allowing him access with the mode
rwx
.
Allowing and restricting access
This example tries to combine aspects of the two previous examples to show a more
complex and comprehensive ACL configuration.
This time at our small publishing organization, there are several new developments:
• There has been a recruitment drive, and a number of trainees have been
recruited, some of whom will become editors. Management has decided that
these trainees should only have read access to the system while they learn the
ropes of the job. However, all trainees should have read access to any part of the
system, so that they can easily learn more about the organization's business.
• The organization wishes to give read-only access to the printers of the journals so
that they can pull the updated content directly from the system.
• Bob Ling at the printing organization will be allowed to modify the journal con‐
tent to make stylistic changes for a better printed result.
This configuration is illustrated in
Figure 8-18
.
Figure 8-18. Venn diagram of required permissions for the nanotechnology collection
We'll use the
nanotechnology
collection configured in the previous section as a start‐
ing point:
Search WWH ::
Custom Search