The problem is readily apparent when you consider haing access groups consisting of the same or different subsets of directories with different collections of priveleges. Your case where a user either has access or does not, oversimplifies things because it does not take into account read/write/delete actions on the same or differing subsets of the same directories for groups of users. (ie, merging a user into a group can see the games folder, can list directory contents of games, can download from games with one that can not upload to games and can not delete from games, can not see the games folder, can not list directory contents of games, can not download from games, can not upload to games or can not delete from games.) To extend your model to my situation, I would need to create an access group for each directory and privelege combination possible. This amounts to the same thing if not worse because of the possibility to not determine what access an individual has after being assigned to sets of groups with conflicting access priveleges. I also do not care for the appleshare method which I find extremely limited. In my mail to you I outlined that I do hae experience with other operating systems, some of which use much better methods of access control. The only thing I agree with is the need for a better way to manipulate the access group files, and the items within them.
On 5/14/98 7:18 AM, Andy Daws wrote:
>I fail to see the confusion I think that it actually make life easier >were you have very diverse user use. Here is an example, say you set up >group that contains all the paths to Pictures, then you set up a group >that contains paths to downloadable games. > > You have three users User 1 has paid for picture usage so you just add >that group to his group list, user 2 has only paid for games so you only >add this group to his list but user 3 wants both Pictures and Games at >this stage you have to create an additional group normally but what I'm >suggesting it that you would just add both groups to his group list. >You could still shift click multiple users and add the group (But now be >able to select multiple groups) to all users in one stroke. > > This is no different than a Appleshare Server users can belong to more >than one group depending on the job they are doing. With OS's other >than MacOS they take it another step and you can have more than one >group added to a folder so you only need to add the user to one group. >And if you really want to be confused take a look at novell were you >have things like inhertied rights masks. > > >On 13/5/98 5:57 pm, Daniel O'Leary wrote: > >>How would you resolve the issue of different access privleges within a >>path common to both groups? I would rather NOT be confused by this >and >>cause a real seccurity problem on my site. >
