https://connect.hyland.com/t5/alfresco-archive/possible-bug/m-p/32174#M16682 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>You are correct. Only one ACL_METHOD.&lt;AUTHORITY&gt; entry is expected.</SPAN><BR /><SPAN>You could avoid the issue by creating a group of users allowed to execute the method. "GROUP_User Managers" and include admins as things stand!</SPAN><BR /><BR /><SPAN>The other forms ACL_NODE for example are all "anded" together.</SPAN><BR /><BR /><SPAN>I will raise this as an issue.</SPAN><BR /><BR /><SPAN>However, the control is against the user having an *authority* membership (username, group) NOT a permission or group of permissions. The ROLE_ADMINISTRATOR is an authority used for global administrators.</SPAN><BR /><BR /><SPAN>The code could also check if a user has a global permission. It does not.</SPAN><BR /><SPAN>I will add this as a request. Apologies, for some reason I thought that it did.</SPAN><BR /><BR /><A href="http://www.alfresco.org/jira/browse/AR-473" rel="nofollow noopener noreferrer">http://www.alfresco.org/jira/browse/AR-473</A><BR /><A href="http://www.alfresco.org/jira/browse/AR-474" rel="nofollow noopener noreferrer">http://www.alfresco.org/jira/browse/AR-474</A><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Tue, 07 Mar 2006 12:37:01 GMT andy 2006-03-07T12:37:01Z https://connect.hyland.com/t5/alfresco-archive/possible-bug/m-p/32173#M16681 File: ACLEntryVoter.javaFunction: public int vote(Authentication, Object, Config){}Issue: return authorityService.getAuthorities().contains(cad.authority) ? AccessDecisionVoter.ACCESS_GRANTED&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : AccessDecisionVoter.ACCESS_DENIED;‍‍Multiple acl parameters of type ACL_METHOD Mon, 06 Mar 2006 22:58:51 GMT https://connect.hyland.com/t5/alfresco-archive/possible-bug/m-p/32173#M16681 steel 2006-03-06T22:58:51Z https://connect.hyland.com/t5/alfresco-archive/possible-bug/m-p/32174#M16682 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>You are correct. Only one ACL_METHOD.&lt;AUTHORITY&gt; entry is expected.</SPAN><BR /><SPAN>You could avoid the issue by creating a group of users allowed to execute the method. "GROUP_User Managers" and include admins as things stand!</SPAN><BR /><BR /><SPAN>The other forms ACL_NODE for example are all "anded" together.</SPAN><BR /><BR /><SPAN>I will raise this as an issue.</SPAN><BR /><BR /><SPAN>However, the control is against the user having an *authority* membership (username, group) NOT a permission or group of permissions. The ROLE_ADMINISTRATOR is an authority used for global administrators.</SPAN><BR /><BR /><SPAN>The code could also check if a user has a global permission. It does not.</SPAN><BR /><SPAN>I will add this as a request. Apologies, for some reason I thought that it did.</SPAN><BR /><BR /><A href="http://www.alfresco.org/jira/browse/AR-473" rel="nofollow noopener noreferrer">http://www.alfresco.org/jira/browse/AR-473</A><BR /><A href="http://www.alfresco.org/jira/browse/AR-474" rel="nofollow noopener noreferrer">http://www.alfresco.org/jira/browse/AR-474</A><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Tue, 07 Mar 2006 12:37:01 GMT https://connect.hyland.com/t5/alfresco-archive/possible-bug/m-p/32174#M16682 andy 2006-03-07T12:37:01Z https://connect.hyland.com/t5/alfresco-archive/possible-bug/m-p/32175#M16683 <HTML><HEAD></HEAD><BODY><SPAN>Great.</SPAN><BR /><SPAN>I do understand that the ACL is for authority membership, I just typed it incorrectly.</SPAN></BODY></HTML> Tue, 07 Mar 2006 15:25:07 GMT https://connect.hyland.com/t5/alfresco-archive/possible-bug/m-p/32175#M16683 steel 2006-03-07T15:25:07Z https://connect.hyland.com/t5/alfresco-archive/possible-bug/m-p/32176#M16684 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>More than one ACL_METHOD entry is now supported.</SPAN><BR /><BR /><SPAN>One or more authorities specified by the ACL_METHOD entries must be present for the user trying to invoke the method.</SPAN><BR /><BR /><SPAN>Global permissions are not supported as part of ACL_METHOD and on reflection this does not make much sense.</SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Fri, 27 Oct 2006 15:15:45 GMT https://connect.hyland.com/t5/alfresco-archive/possible-bug/m-p/32176#M16684 andy 2006-10-27T15:15:45Z https://connect.hyland.com/t5/alfresco-archive/possible-bug/m-p/32177#M16685 <HTML><HEAD></HEAD><BODY><BLOCKQUOTE class="jive-quote">Hi<BR /><BR />More than one ACL_METHOD entry is now supported.<BR /><BR />One or more authorities specified by the ACL_METHOD entries must be present for the user trying to invoke the method.<BR /><BR />Global permissions are not supported as part of ACL_METHOD and on reflection this does not make much sense.<BR /><BR />Regards<BR /><BR />Andy</BLOCKQUOTE><BR /><SPAN>Excellent! Thank You.</SPAN></BODY></HTML> Fri, 27 Oct 2006 16:03:35 GMT https://connect.hyland.com/t5/alfresco-archive/possible-bug/m-p/32177#M16685 steel 2006-10-27T16:03:35Z