Return-Path: Delivered-To: apmail-maven-continuum-users-archive@www.apache.org Received: (qmail 39080 invoked from network); 10 Oct 2007 06:45:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 10 Oct 2007 06:45:51 -0000 Received: (qmail 34492 invoked by uid 500); 10 Oct 2007 06:45:38 -0000 Delivered-To: apmail-maven-continuum-users-archive@maven.apache.org Received: (qmail 34458 invoked by uid 500); 10 Oct 2007 06:45:37 -0000 Mailing-List: contact continuum-users-help@maven.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: continuum-users@maven.apache.org Delivered-To: mailing list continuum-users@maven.apache.org Received: (qmail 34447 invoked by uid 99); 10 Oct 2007 06:45:37 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Oct 2007 23:45:37 -0700 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [80.168.101.18] (HELO relay00-mail.uk.clara.net) (80.168.101.18) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Oct 2007 06:45:40 +0000 Received: from chb28-2-88-163-39-128.fbx.proxad.net ([88.163.39.128]:3405 helo=[127.0.0.1]) by relay00-mail.uk.clara.net (smtp-vh.amenworld.com [195.8.80.30]:251) with esmtpa (authdaemon_plain:emmanuel@venisse.net) id 1IfVGh-0000yf-17 (Exim 4.60) for continuum-users@maven.apache.org (return-path ); Wed, 10 Oct 2007 06:42:07 +0000 Message-ID: <470C741B.2000701@venisse.net> Date: Wed, 10 Oct 2007 08:41:31 +0200 From: Emmanuel Venisse User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: continuum-users@maven.apache.org Subject: Re: Guest security in 1.1-beta-3 References: <13116972.post@talk.nabble.com> <470B9CE6.7060200@venisse.net> <13119043.post@talk.nabble.com> In-Reply-To: <13119043.post@talk.nabble.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org Look at this file (http://svn.apache.org/repos/asf/maven/continuum/trunk/continuum-security/src/main/resources/META-INF/redback/redback.xml), it defines all roles and inheritence between each roles. If you write a patch, I don't think it will be in 1.1 but you'll have it for your instance. Emmanuel Tom Schneider a écrit : > Could this be split out, or is it too late for 1.1 series? I'd be willing to > create a patch if I can figure it out. This is a critical enough issue for > us that I'm considering taking another look at hudson. > Tom > > > Emmanuel Venisse wrote: >> >> >> Tom Schneider a écrit : >>> I'd like to configure the guest account in Continuum 1.1-beta-3 to work >>> like >>> it did in 1.0.3. The guest account should only be able to see the >>> projects >>> and kick off a build manually, but not add a project or do any other >>> administrative tasks. (Essentially the guest behavior in 1.0.3) Is there >>> a >>> way to do this? >>> >>> None of the built-in roles support this subset of access. From what I >>> can >>> tell, the role 'Continuum Group Project User' allows a user to see the >>> projects, but not kick off a build manually. The role 'Continuum Group >>> Project Developer' allows a user to kick off a build, but also to added >>> new >>> poms and other stuff that I don't want guest to do. >> The build role is a part of the project group developer and can't be >> split. >> >> Emmanuel >> >> >> >