Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [che-dev] Question about Uses, Roles and Workspace access
If I understand you correct - You mean you assign those roles as for application scope?
How if so? 

I believe "workspace/admin", "workspace/developer"  are not a global roles, they intended to be used in the context of particular workspace.
And so they are physically assigned for workspace member - i.e. "workspace member has a role of ..."



Gennady Azarenkov - CTO @ codenvy.com


On Mon, Mar 7, 2016 at 4:59 PM, Cohen, Dror <dror.cohen@xxxxxxx> wrote:

Hi,

I would appreciate an explanation on Che Workspace permissions:

 

I am creating che users with the following roles: "workspace/admin", "workspace/developer"

Currently,

User A can read and even modify a file in user B's workspace, even if I created the file in a 'visibility=private'  project.

 

When debugging (in che_core_vfs_impl) , I see that read or write permission is granted based on ACLs, on the user's "workspace/developer" role,

even though that user is not a member of that workspace…

Could it be that this check is missing?

 

Or am I doing something wrong here…

I am trying to restrict a user's write access to another workspace.

 

I appreciate your help

Regards,

Dror


_______________________________________________
che-dev mailing list
che-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/che-dev


Back to the top