Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
icon3.gif   Access Control, posted by Grant Jeffcote on Mon May 12 10:16:21 2008 
    icon2.gif   Re: Access Control, posted by Yoshio Imai on Tue May 13 16:58:40 2008 
       icon2.gif   Re: Access Control, posted by Grant Jeffcote on Tue May 13 21:56:30 2008 
          icon2.gif   Re: Access Control, posted by Grant Jeffcote on Thu May 15 17:45:44 2008 
             icon2.gif   Re: Access Control, posted by Hal Proctor on Tue Apr 14 20:00:08 2009 
Message ID: 65879     Entry time: Tue May 13 16:58:40 2008     In reply to: 65878     Reply to this: 65880
Icon: Reply  Author: Yoshio Imai  Author Email:  
Category: Question  OS:   ELOG Version: 2.7.3-1024 
Subject: Re: Access Control 

Grant Jeffcote wrote:
At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access.

I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5

Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5

This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).

Perhaps you can give it a try.
ELOG V3.1.5-3fb85fa6