Security user group's ACL overriding the default DB's ACL

Hello all,

I can’t seem to be able to have tamino override the settings in the default ACL, for the same node, with an ACL that is associated with the user group I am loggin in with.

In other words:

I have a user “peter”. “peter” is part of a user group “admin”. This user group has an ACL associated with it, and the ACL has an ACE with node “test” (collection) and permission “full”.

Now I have a user group called “hahaha” (same as the DB’s name). This user group is associated with an ACL called “hahaha” (hence this is the default ACL). This ACL has an ACE exactly like the one above: node = “test” and permission “no”.

Now I open X-Plorer, log into the DB as “peter” and try to delete the collection “test”. No luck. This is what X-plorer replies:


Tamino access failure (INOXME8598, Access violation)

8598
INOXME8598
Access violation





If I delete (basically I have to recreate the ACL - very frustrating, why isn’t there a “delete ACE” in the SMH ?!?) the ACE in the default ACL, then I can delete the collection “test” in the DB.


From what I understand, the ACL associated with the user group under which my login user name belongs to should override the default ACL.

What am I doing wrong?

I’ve tried the tech support, but honestly, the guy had no idea what I was talking about. I think I knew more about Tamino then he did :frowning:

Thank you in advance,

Peter

Hello Peter,

I would like to have a look into this for you.
Could you please give me some details on your environment - which Tamino (and which hotfix level), which OS, which Java, etc.?

Thanks in advance,
Trevor.

Hello Trevor,

----------------------------------------------
Hello Peter,

I would like to have a look into this for you.
Could you please give me some details on your environment - which Tamino (and which hotfix level), which OS, which Java, etc.?

Thanks in advance,
Trevor.
----------------------------------------------

our environment is for now rather simple, since we are right now testing Tamino and waiting for budget aproval to buy it.

Tamino, ver 4.1.1.1 sits on a Win2K Pro machine with SP3, and is accessed through IIS.

As far as I know, there is no hotfix for Tamino 4.1.1.1.

I use a developer machine, that is also a Win2K machine with SP3 to connect to the IIS on the server where Tamino resides.

I just created a test DB on Tamino that has nothing in it, except 3 empty collections.

We are going to develop in the ASP.NET environment, running on the .NET framework, so we’ll be using the .NET API provided by Software AG.

However, like I said in my original post, I have trouble doing basic actions in X-Plorer, and that is written (from what I can see) using the Java API. I haven’t even gone as far as using .NET API yet.

Thank you for your help!

One more thing…

The DB is set to authenticate using Tamino, not webserver

Peter

Hello all,

I found my answer.

Because atuhentication, under Properties → XML (in SMH) is a non-dynamic property, I needed to stop the DB & restart it.

Since I haven’t done that, and since my IIS server was set to anonymous access, it wasn’t passing any user/pw info to Tamino, and hence Tamino only applied the default ACL, prohibiting me to delete my test collection in X-Plorer.

Restarting the DB and after some tweaking with IIS default security, I got it to work.

Thanks again for your interest to help out.

Peter

Hello Peter,

gosh - I wish all problems were solved in this manner! I was just gearing up for doing some testing when your posting was e-mailed to me.

I’m glad that you solved the puzzle, and thank you for posting a follow-up to share the information.

Best Regards,
Trevor.