Andreas Nilsen

Authorization Manager permissions for repository-level authorization with private workspaces

Discussion created by Andreas Nilsen on Feb 11, 2013
Latest reply on Feb 12, 2013 by Andreas Nilsen



We have a repository of type "File BVS with private workspaces".

We have implemented a custom authorization manager.

Generally we have two types of permissions, read-only and read-write.


We have implemented these permessions according to the documentation

"Implementing an Authorization Manager > Addendum B: Setting Typical Categories for Repository-level Authorization".


This addendum specifies that for read-only users, "NdRepositoryDirectoryEntryAddAuthorizationRequest" and "NdRepositoryEntryAttributesWriteAuthorizationRequest" should be "Deny" for read-only users.


However, these requests are issued when creating and updating a workspace.


So how do we go about in limit RO-users to read-access to the repository, but still allow creation of a private workspace? Is denying the *EntryLock* / *EntryUnlock* requests enough for denying RO-users the ability to modify versioned repositories?