ACL: how to restrict access to a defined list of people?

Hello,

Let’s say that my organization contains different groups of users. Let’s say “Staff” and “Students”.

How can I make resources hosted on Staff member pods only accessible to Staff members? How and where can I define who is part of the Staff group? And make sure that no student can pretend to be a Staff member?

Also, would it be possible (and would it make sense) to store data on a Student’s Pod that is only accessible to Staff members? Or should Pod owners always have full control over their data?

  1. To restrict access to staff you should use the acl:agentGroup predicate (Web Access Control).

    The object group can be defined directly or by using the contacts pane from SolidOS.

  2. Actually a pod owner has full control over the ACL of the pod.
    You may consider that the pod owner is not the pod WebID but another admin. In this case the Student’s pod can have areas of data that the student’s WebID cannot have Control over. The consequence is that the Student’s pod is not fully owned by the Student and an admin can have access to the student’s private data.
    The Solid spirit is somehow broken. It is better to give the student access to dedicated staff-managed content.
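As an added illustration of the acl:agentGroup approach from point 1 (example written for this thread, not code from the original post or from the Solid project), here are two constructed Turtle documents: a group document listing the staff WebIDs, and the ACL of a /staff/ container that grants read access to that group. All URLs are placeholders.

```turtle
# ---- Group document, e.g. https://org.example/groups.ttl (constructed) ----
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<#staff>
    a vcard:Group ;
    vcard:hasMember <https://alice.example/profile/card#me> ,
                    <https://bob.example/profile/card#me> .

# ---- ACL resource for the container, e.g. https://org.example/staff/.acl (constructed) ----
@prefix acl:  <http://www.w3.org/ns/auth/acl#> .

# The admin keeps full control (including acl:Control) over the container
# and, via acl:default, over everything created inside it.
<#admin>
    a acl:Authorization ;
    acl:agent <https://admin.example/profile/card#me> ;
    acl:accessTo <./> ;
    acl:default <./> ;
    acl:mode acl:Read, acl:Write, acl:Control .

# Only WebIDs listed as vcard:hasMember of the group may read.
# No acl:agentClass foaf:Agent rule exists, so anyone else (students
# included) is denied.
<#staffOnly>
    a acl:Authorization ;
    acl:agentGroup <https://org.example/groups.ttl#staff> ;
    acl:accessTo <./> ;
    acl:default <./> ;
    acl:mode acl:Read .
```

The server resolves the group document and compares the authenticated WebID against its vcard:hasMember list, so the group document itself needs an ACL in which only the admin has acl:Write; otherwise anyone able to edit it could add their own WebID.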