[che-dev] Question about Uses, Roles and Workspace access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[che-dev] Question about Uses, Roles and Workspace access

From: "Cohen, Dror" <dror.cohen@xxxxxxx>
Date: Mon, 7 Mar 2016 14:59:30 +0000
Accept-language: en-US
Delivered-to: che-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/che-dev>
List-help: <mailto:che-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/che-dev>, <mailto:che-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/che-dev>, <mailto:che-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AdF4fh4x/KTSn/1QS/emt/LiGlgkug==
Thread-topic: Question about Uses, Roles and Workspace access

Hi,

I would appreciate an explanation on Che Workspace permissions:

I am creating che users with the following roles: "workspace/admin", "workspace/developer"

Currently,

User A can read and even modify a file in user B's workspace, even if I created the file in a 'visibility=private' project.

When debugging (in che_core_vfs_impl) , I see that read or write permission is granted based on ACLs, on the user's "workspace/developer" role,

even though that user is not a member of that workspace…

Could it be that this check is missing?

Or am I doing something wrong here…

I am trying to restrict a user's write access to another workspace.

I appreciate your help

Regards,

Dror

Follow-Ups:
- Re: [che-dev] Question about Uses, Roles and Workspace access
  - From: Gennady Azarenkov

Prev by Date: [che-dev] Changelog: improve import from SSH error notification for UD
Next by Date: Re: [che-dev] Question about Uses, Roles and Workspace access
Previous by thread: [che-dev] Changelog: improve import from SSH error notification for UD
Next by thread: Re: [che-dev] Question about Uses, Roles and Workspace access
Index(es):
- Date
- Thread

Breadcrumbs