Sun Java System Web Server 6.1 SP6 Administrator's Guide

Enabling Access Control for WebDAV

You can control who accesses WebDAV-enabled documents and directories and what operations different users or different groups of users can perform upon the files. You can also completely prohibit access to a file or folder or you can restrict access to certain authenticated users.

If the default access control list (ACL) that governs your server is not restrictive or flexible enough for your needs, you can use the Restrict Access function (choose Server Preferences and click the Restrict Access link) to create an ACL that is more appropriate for restricting access to WebDAV-enabled resources.

WebDAV requests are authenticated and authorized by the AuthTrans and PathCheck NSAPI stages respectively. In the following example, an access control rule is defined that denies write and delete access to the collection /catalog to all except a user named "joe":

acl "uri=/catalog/*";
deny (all)
    user = "anyone";
allow (read,list,execute,info)
    user = "all";
allow (write,delete)
    user = "joe";

For more details, refer to Editing a WebDAV Collection.

Restricting Access on WebDAV-Enabled Resources

Access control for a WebDAV collection is specified using native ACL files. Every WebDAV method requires a particular access right to a WebDAV-enabled resource. For example, if a WebDAV-enabled file is to be shared by concurrent users, in order to lock or unlock the resource for concurrency control, a write permission to the resource is required.

The following table summarizes the rights required for WebDAV methods.

Table 19–4 Rights required for WebDAV

| DAV Methods                    | Access Rights Needed      |
|--------------------------------|---------------------------|
| DELETE                         | delete                    |
| PROPFIND                       | read                      |
| PROPPATCH                      | write                     |
| LOCK/UNLOCK                    | write                     |
| MKCOL                          | write                     |
| COPY(src,dst)                  | src - read, dst - write   |
| MOVE(src,dst)                  | src - delete, dst - write |
| GET on request-uri             | read                      |
| GET on request-uri Translate:f | read                      |
| PUT on request-uri             | write                     |
| PUT on request-uri Translate:f | write                     |
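
The following is an added example, not part of the original guide or of the server's own code: a small Python model that combines the /catalog ACL shown earlier with Table 19–4 to list which WebDAV methods a given user would be permitted to perform. It assumes ACL entries are applied in file order with the last matching entry deciding (no "absolute" keyword), that "anyone" matches every client and "all" matches any authenticated user; the function names and sample URIs are hypothetical.

```python
from fnmatch import fnmatchcase

# Table 19-4: method -> (right on source/request-uri, right on destination).
# GET/PUT with Translate:f need the same right as without it.
REQUIRED = {
    "DELETE": ("delete", None), "PROPFIND": ("read", None),
    "PROPPATCH": ("write", None), "LOCK": ("write", None),
    "UNLOCK": ("write", None), "MKCOL": ("write", None),
    "COPY": ("read", "write"), "MOVE": ("delete", "write"),
    "GET": ("read", None), "PUT": ("write", None),
}

# The page's ACL for /catalog as (action, rights, user), in file order.
ACL_URI = "/catalog/*"
ACL = [
    ("deny", None, "anyone"),  # None stands for "all" rights
    ("allow", {"read", "list", "execute", "info"}, "all"),
    ("allow", {"write", "delete"}, "joe"),
]

def has_right(user, uri, right):
    """Assumed model: last matching entry wins. user=None is unauthenticated."""
    if not fnmatchcase(uri, ACL_URI):
        return False  # not governed by this ACL; treated as denied in this sketch
    granted = False
    for action, rights, who in ACL:
        user_match = who == "anyone" or (user is not None and who in ("all", user))
        if user_match and (rights is None or right in rights):
            granted = action == "allow"
    return granted

def needed(method, src, dst=None):
    """Return the (uri, right) pairs a request must hold per Table 19-4."""
    src_right, dst_right = REQUIRED[method.upper()]
    pairs = [(src, src_right)]
    if dst_right:
        if dst is None:
            raise ValueError(f"{method} needs a destination URI")
        pairs.append((dst, dst_right))
    return pairs

def permitted(user, method, src, dst=None):
    return all(has_right(user, uri, r) for uri, r in needed(method, src, dst))

def audit(user, src="/catalog/a.html", dst="/catalog/b.html"):
    """List the Table 19-4 methods `user` may perform (constructed sample URIs)."""
    return sorted(m for m in REQUIRED if permitted(user, m, src, dst))
```

Running audit() for each account that can reach the collection gives a quick review of the effective WebDAV permissions, for example confirming that a read-only user cannot COPY within /catalog because the destination requires write.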