How to override groups permission over users permission in SenseNet?

Question

I am using SenseNet V 6.3 Community Edition.

I am doing these steps:

I have set Allow permission of node p to user xyz@xyz.com
Access node p from user xyz@xyz.com by Node.LoadNode() (Successful)
I have set deny permission of node p to user xyz@xyz.com
I have set allow permission of node p to group which have xyz@xyz.com as member
Access node p from user xyz@xyz.com by Node.LoadNode() (Error)

I am getting Access Denied error.

It seems not overriding groups permission over users permission or it seems not overriding latest permission.

How can I achieve this?

score 3 · Accepted Answer · answered Mar 29 '19 at 08:24

3

This is by design: deny permission is always stronger than allow. So if you set explicit deny for a user, you cannot allow the same thing through a group. The time of setting the permissions or whether it is a group or user does not matter: the rule is that deny overrides allow.

This is why working with deny should be the last option. It is better to remove the allow permission for a user and than you can allow it through a group.

For details about breaking permissions, local permissions and the whole permission system in general, please visit this article.

answered Mar 29 '19 at 08:24

Miklós Tóth

1,490
13
19

how can I remove allow permission of specific user for specific node c# api ? – Trimantra Software Solution Mar 29 '19 at 11:32
1

Hi @miklos , I got how to remove allow permission instead of deny permission, Thanks for your response – Trimantra Software Solution Apr 01 '19 at 08:59

How to override groups permission over users permission in SenseNet?

1 Answers1