OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-users] XACML Studio: problem with deleting policies

You need to have admin permissions to delete. There is a property in development/production.rb that is called:

XS_Config.super_users = ['user_name']

It's actually a list of all admin users.

Add there all users that need write/change/delete access.

Hope it helps.

----- Original Message ----
From: Bernard Butler <bbutler@tssg.org>
To: xacml-users@lists.oasis-open.org
Sent: Fri, March 5, 2010 3:11:29 PM
Subject: [xacml-users] XACML Studio: problem with deleting policies


When working in XACML Studio, I tried to delete some obsolete policies
only to get the following message:
FAILED TO DELETE: Not Authorized

I searched for that text and the alert is raised in

It seems to send an Ajax request as follows:
                var request = Ext.Ajax.request({
                   url: path,
                   node: node,
                   params: {_method:'delete', authenticity_token:
                   success: function(resp,opt){XSU.deleteNode(opt['node']);},
                   failure: function(resp,opt){alert("FAILED TO DELETE:

The authenticity_token looks suspicious because it is a hardcoded value. 
Sometimes such tokens come from cookies, but there is no attempt made by
the code to read any cookie value.  I tried putting in the value of the
session cookie created when I logged in earlier, but it didn't work.

I would welcome any advice on how to overcome this problem.


To unsubscribe, e-mail: xacml-users-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: xacml-users-help@lists.oasis-open.org


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]