Under /taminowebdavserver there are several folders: administration, history, workingresource, workspace.
Consider the following: in our webdav database folder we set rigid access rights for different users. How do we have to set ACL on these folders without breaking the function of history?
Ideally we would like to remove any access at all.
Currently, neither one of the 2 specs, DeltaV and ACL, tells how security and versioning should interact with each other. We have asked for that but there have been no satisfactory answers yet.
So, we currently can only refer you to make use of some workaround, e.g.:
1) Run TWS inside Apache and use Apache’s capabilities additionally (see thread “security question” in this forum:
http://tamino.forums.softwareag.com/viewtopic.php?p=4096).
The HTTP connector of Tomcat should be disabled, otherwise the /history scope wouldn’t be protected over the port 4000.
2) Write a servlet filter which rejects access to “those other” folders for all users but the administrator.
Regards,
Peter
The link to the “security question” thread:
http://tamino.forums.softwareag.com/viewtopic.php?p=4096
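A sketch of workaround 2), added here as an example; it is not part of the original posts and not Tamino WebDAV Server code. It is written against the javax.servlet API and assumes that the container has already authenticated the caller, that the administrator holds a role named `admin`, and that the four folders from the question sit directly under the web application's context path.

```java
import java.io.IOException;
import java.net.URI;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
// Added example. ADMIN_ROLE is an assumed role name; folder names are from the question.
public class InternalFolderFilter implements Filter {
    private static final String ADMIN_ROLE = "admin";
    private static final String[] PROTECTED = {"/administration", "/history", "/workingresource", "/workspace"};
    public void init(FilterConfig cfg) { }
    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        // Container-decoded path inside the web application (context path excluded).
        String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());
        // COPY and MOVE name a second resource in the Destination header; check both.
        boolean internal = isProtected(path) || isProtected(destinationPath(req));
        if (internal && !req.isUserInRole(ADMIN_ROLE)) {
            ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(rq, rs);
    }

    // Destination path relative to the context, or null if absent; unparsable means protected.
    private String destinationPath(HttpServletRequest req) {
        String header = req.getHeader("Destination");
        if (header == null) return null;
        try {
            String p = URI.create(header.trim()).normalize().getPath();
            if (p == null) return PROTECTED[0];   // opaque URI: fail closed
            return p.startsWith(req.getContextPath()) ? p.substring(req.getContextPath().length()) : p;
        } catch (IllegalArgumentException e) {
            return PROTECTED[0];                  // malformed URI: fail closed
        }
    }

    // Case-insensitive match on whole segments: /History/x and /history;x match, /historyfoo does not.
    private boolean isProtected(String path) {
        if (path == null) return false;
        for (String prefix : PROTECTED) {
            int n = prefix.length();
            boolean hit = path.regionMatches(true, 0, prefix, 0, n);
            if (hit && (path.length() == n || "/;".indexOf(path.charAt(n)) >= 0)) return true;
        }
        return false;
    }
}
```

Map the filter to `/*` in the web application's `web.xml` so that every WebDAV method passes through it. If authentication happens inside the servlet instead of the container, `isUserInRole` returns false for everyone and the check has to use whatever identity the application exposes.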