Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-15229

Remove ability to setup negative ACLs in the UI

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.0
    • Component/s: Security / Rights
    • Epic Link:
    • Tags:
    • Impact type:
      Configuration Change
    • Upgrade notes:
      Hide

      To re-enable negative ACL (deny permissions) in the UI the following needs to be added to nuxeo.conf:

      nuxeo.security.allowNegativeACL=true

      Note that this is only possible for VCS, as DBS (MongoDB) doesn't allow negative ACLs.

      Show
      To re-enable negative ACL (deny permissions) in the UI the following needs to be added to nuxeo.conf: nuxeo.security.allowNegativeACL=true Note that this is only possible for VCS, as DBS (MongoDB) doesn't allow negative ACLs.
    • Sprint:
      Sprint 1

      Description

      Starting from 5.9.6. User can only grant permissions or block inheritance. The grand/deny action should be disabled with the value grant selected. A compatibility mode should allow to re-enable the deny value.

        Attachments

          Issue Links

            Activity

            Hide
            hudson Jenkins added a comment -

            FAILURE: Integrated in addons_FT_nuxeo-signature-master #474
            NXP-15229: fix selenium tests after removal of negative ACL (nelson.silva: a86c9c6b448b888499c54d39d90959c8333455ce)

            Show
            hudson Jenkins added a comment - FAILURE: Integrated in addons_FT_nuxeo-signature-master #474 NXP-15229 : fix selenium tests after removal of negative ACL (nelson.silva: a86c9c6b448b888499c54d39d90959c8333455ce )
            Hide
            hudson Jenkins added a comment -

            FAILURE: Integrated in addons_FT_nuxeo-signature-master #475
            NXP-15229: fix broken selenium tests (nelson.silva: 7a64c5c9c2f5c3187b40aaac2de17eaa11131154)

            Show
            hudson Jenkins added a comment - FAILURE: Integrated in addons_FT_nuxeo-signature-master #475 NXP-15229 : fix broken selenium tests (nelson.silva: 7a64c5c9c2f5c3187b40aaac2de17eaa11131154 )
            Hide
            hudson Jenkins added a comment -
            Show
            hudson Jenkins added a comment - SUCCESS: Integrated in addons_FT_nuxeo-jbpm-master #840 NXP-15229 : fix typo (nelson.silva: d5a453276e20a2b538e14351be1e9aa6bc2c59e0 )
            Hide
            hudson Jenkins added a comment -

            SUCCESS: Integrated in nuxeo-master #455
            NXP-15229: deprecate negative ACE (jenkins: 3919729bfbe5ebbaf9f80809cc68f43f7b505d4d)
            NXP-15229: remove ability to deny permissions (jenkins: 2e7fa9cf635fbfe9405d54596483bd31f43d9d4e)
            NXP-15229: remove ability to deny permissions (jenkins: ed128f20a0addc905fbc5209343a8d25eb59d962)
            NXP-15229: remove grant/deny selection when negative ACL are disabled (jenkins: d96232764049775ba77b232588befe26fecffdbc)
            NXP-15229: remove grant/deny selection when negative ACL are disabled (jenkins: 17603ac9d1bdd60a513edcbc0b81e000124bf6e0)
            NXP-15229: add label for grant permission (jenkins: 3434e8b1f81cb2c6792c2164feb8e967af3fffd5)
            NXP-15229: rename allowNegativeACE to allowNegativeACL (jenkins: c4887ebd7f8624e416fb551696698a596420cd06)

            Show
            hudson Jenkins added a comment - SUCCESS: Integrated in nuxeo-master #455 NXP-15229 : deprecate negative ACE (jenkins: 3919729bfbe5ebbaf9f80809cc68f43f7b505d4d ) NXP-15229 : remove ability to deny permissions (jenkins: 2e7fa9cf635fbfe9405d54596483bd31f43d9d4e ) NXP-15229 : remove ability to deny permissions (jenkins: ed128f20a0addc905fbc5209343a8d25eb59d962 ) NXP-15229 : remove grant/deny selection when negative ACL are disabled (jenkins: d96232764049775ba77b232588befe26fecffdbc ) NXP-15229 : remove grant/deny selection when negative ACL are disabled (jenkins: 17603ac9d1bdd60a513edcbc0b81e000124bf6e0 ) NXP-15229 : add label for grant permission (jenkins: 3434e8b1f81cb2c6792c2164feb8e967af3fffd5 ) NXP-15229 : rename allowNegativeACE to allowNegativeACL (jenkins: c4887ebd7f8624e416fb551696698a596420cd06 )
            Hide
            hudson Jenkins added a comment -

            FAILURE: Integrated in nuxeo-master-fullbuild-part1-multidb-windows #1100
            NXP-15229: deprecate negative ACE (jenkins: 3919729bfbe5ebbaf9f80809cc68f43f7b505d4d)
            NXP-15229: remove ability to deny permissions (jenkins: 2e7fa9cf635fbfe9405d54596483bd31f43d9d4e)
            NXP-15229: remove ability to deny permissions (jenkins: ed128f20a0addc905fbc5209343a8d25eb59d962)
            NXP-15229: remove grant/deny selection when negative ACL are disabled (jenkins: d96232764049775ba77b232588befe26fecffdbc)
            NXP-15229: remove grant/deny selection when negative ACL are disabled (jenkins: 17603ac9d1bdd60a513edcbc0b81e000124bf6e0)
            NXP-15229: add label for grant permission (jenkins: 3434e8b1f81cb2c6792c2164feb8e967af3fffd5)
            NXP-15229: rename allowNegativeACE to allowNegativeACL (jenkins: c4887ebd7f8624e416fb551696698a596420cd06)

            Show
            hudson Jenkins added a comment - FAILURE: Integrated in nuxeo-master-fullbuild-part1-multidb-windows #1100 NXP-15229 : deprecate negative ACE (jenkins: 3919729bfbe5ebbaf9f80809cc68f43f7b505d4d ) NXP-15229 : remove ability to deny permissions (jenkins: 2e7fa9cf635fbfe9405d54596483bd31f43d9d4e ) NXP-15229 : remove ability to deny permissions (jenkins: ed128f20a0addc905fbc5209343a8d25eb59d962 ) NXP-15229 : remove grant/deny selection when negative ACL are disabled (jenkins: d96232764049775ba77b232588befe26fecffdbc ) NXP-15229 : remove grant/deny selection when negative ACL are disabled (jenkins: 17603ac9d1bdd60a513edcbc0b81e000124bf6e0 ) NXP-15229 : add label for grant permission (jenkins: 3434e8b1f81cb2c6792c2164feb8e967af3fffd5 ) NXP-15229 : rename allowNegativeACE to allowNegativeACL (jenkins: c4887ebd7f8624e416fb551696698a596420cd06 )

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 1 day Original Estimate - 1 day
                  1d
                  Remaining:
                  Time Spent - 1 day Remaining Estimate - 4 hours
                  4h
                  Logged:
                  Time Spent - 1 day Remaining Estimate - 4 hours
                  1d