andrew at morphoss
May 17, 2012, 12:42 PM
Post #4 of 5
(275 views)
Permalink
|
|
Re: Permissions, ldap, multiple calendars
[In reply to]
|
|
On Mon, 2012-05-14 at 16:37 -0400, Bobby Krupczak wrote:
> Hi!
>
> > http://wiki.davical.org/w/Setup_for_Apple_Users#iCal_handles_principal_grants.2C_not_collection_grants
>
> > iCal handles principal grants, not collection grants
> > So you need to restrict access at the collection level after
> > granting broader access at the principal level, and users may still
> > see delegated calendars that they cannot actually read and/or write
> > to.
>
> I see that now. I previously read this doc, last week, but it did not
> make much sense given my lack of understanding of the overall
> permission model. I'm just now kinda figuring out what principals,
> users, etc. are and by poking my way through it.
>
> By the by, I got an ipad/iphone work but am struggling with
> thunderbird/lightning.
>
> Are there similar issues with thunderbird/lightning? I granted
> principal permission to a user along with calendar permissions but
> that user cannot see any calendars.
Yes. Although Lightning is configured on a calendar by calendar basis,
for some reason it still makes a request against the Principal URL and
so needs the permission "read current user privileges" on there. That's
a lot less privilege than 'read' though.
> Does a user have to specifically grant him or herself permissions to
> his/her calendars?
No: there is no way to restrict an owner from accessing their own
collections.
Cheers,
Andrew.
--
------------------------------------------------------------------------
andrew (AT) morphoss (DOT) com +64(272)DEBIAN
VMS must die!
------------------------------------------------------------------------
|
signature.asc
