Forum OpenACS Q&A: Re: permissions and Negative Overriding

Collapse
2: Re: permissions and Negative Overriding (response to 1)
Posted by Don Baccus on 04/16/03 06:27 AM
I'll have to re-read the requirements doc ... Ars Digita never implemented this though it is something I've thought about.  I've not done so because the extra layer would, I think, kill scalability of the permissions system.

Anyway ... no, there's no way to tell it that user U should not have the same privileges as other members of group G.  The only way to do what you describe is to assign privileges to individual users in the group rather than the group at large.  Or to create relational segments (group subsets) to further partition the group and assign permissions on that basis.

Collapse
3: Re: permissions and Negative Overriding (response to 2)
Posted by Tilmann Singer on 04/16/03 10:16 AM
I wonder why this could be useful except in the most exotic cases, and I think there is almost always a feasible way around it, especially rel_segs as Don mentioned. Also I can't imagine a UI that implements this and isn't intimidatingly confusing.