Bug 31244

Summary: AC live: Authoring node - world credential cannot be deleted
Product: Lenya Reporter: Simon Dutil <s.dutil>
Component: Access ControlAssignee: Lenya Developers <dev>
Status: NEW ---    
Severity: normal CC: dev
Priority: P3    
Version: 1.2   
Target Milestone: 1.2.6   
Hardware: PC   
OS: Windows XP   

Description Simon Dutil 2004-09-15 14:23:33 UTC 
For the authoring section, the access right "world ( the world )" is defined in 
the Ac live tab.  Right next to it, there is a delete button but clicking on it 
have no effects!

Having "the world" defined at that level is preventing users from using the 
access controler feature for the live section.  Even if a group is added to 
restrict access to a page, anyone is still allowed to visit it.

This issue can be fixed by removing <ac:world>...</ac:world> directly from
subtree-policy.acml file located in 
\\lenya\lenya\pubs\$myPub\config\ac\policies\live
Comment 1 Gregor J. Rothfuss 2004-10-29 02:41:50 UTC 
andreas,

is this a design decision?
Comment 2 Andreas Hartmann 2004-10-29 07:49:39 UTC 
Yes, this is by design.

<quote>
Even if a group is added to  restrict access to a page, anyone is still allowed
to visit it.
</quote>

If this is really the case, it is a bug. Adding a user/group/ip-range on AC live
should restrict access to this accreditable.
Comment 3 J 2006-05-02 17:12:34 UTC 
what is the status of this issue?
Comment 4 Mark Thomas 2009-06-10 13:34:55 UTC 
Reset assignee so e-mail goes to list