Access permission for directories and files

Access permissions are defined with a small text file, called DAFAUTH.INI, located in each directory needing protection. Each DAFAUTH.INI file affects the directory in which it is located.

The general syntax for a DAFAUTH.INI is:

[<section name1>]
<entry1>=enable or disable
<entry2>=enable or disable
.
.

[<section name2>]
<entry1>=enable or disable
<entry2>=enable or disable
.
.
 

<section name> can be one of the following:

Section              Description
[PreAuthentication]  This section is read first, before any other section.
[Directory]          This section defines the default permission for every file in the directory for which no specific permission is defined in DAFAUTH.INI.
[<file name>]        This section defines permission for the file <file name>.

 

<entry> can be one of the following:

Entry             Description
<Group name>      Any DAF groups defined in a DAF user list.
<Web-user login>  Web-user login typed by the client in the browser.
Everybody         All Web users.
NTAccount         Web user not found in a DAF database and forwarded to NT.
DAFAccount        Web user found in a DAF database.
Anonymous         Anonymous Web user.
Authenticated     Authenticated Web user.
Default           Last entry called for the current section.

 

Sequence used to grant or deny access to a file or directory:

  • If there IS NOT a DAFAUTH.INI file in the directory:
      Access is GRANTED for every request for every group.

  • If there IS a DAFAUTH.INI file in the directory:
      • The search stops after the first explicit right (enable or disable) is found.
      • The order in which sections and entries are written in DAFAUTH.INI does not make any difference.
      • If no explicit right (enable or disable) is found, access is denied.
     

Order followed to search for rights:

  1. Section [PreAuthentication].
  2. Section [<file requested by the Web user>] (the long file name must be used).
  3. Section [Directory].
     

For each section, entries are sought in the following order:

  1. Everybody.
  2. Anonymous.
  3. Authenticated.
  4. Groups which belong to the Web user.
  5. Web user login.
  6. NTAccount or DAFAccount.
  7. Default.
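
The search sequence above as a small evaluator, added here as an example (it is not code from the product). It assumes the search moves on to the next section when no entry in a section matches, and that section and entry names match case-insensitively; the input is constructed from the first sample file on this page, with and without its "default = disable" line, to show what that line protects against.

```python
import configparser

# Constructed inputs: the page's first sample, and the same file with the
# "default = disable" line removed.
SAMPLE = "[NEWS.HTM]\ngrp1 = enable\ndefault = disable\n[Directory]\neverybody = enable\n"
NO_DEFAULT = SAMPLE.replace("default = disable\n", "")

def parse(text):
    """Parse DAFAUTH.INI text into {section: {entry: right}}, all lower-cased
    (case-insensitive matching is an assumption of this sketch)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {s.lower(): {k.lower(): v.strip().lower() for k, v in cp[s].items()}
            for s in cp.sections()}

def check_access(policy, filename, login=None, groups=(), daf_account=True):
    """Return (granted, deciding_rule). policy=None means no DAFAUTH.INI;
    login=None means an anonymous Web user."""
    if policy is None:
        return True, "no DAFAUTH.INI"
    # Entry search order documented on the page.
    entries = ["everybody", "authenticated" if login else "anonymous"]
    if login:
        entries += [g.lower() for g in groups]
        entries += [login.lower(), "dafaccount" if daf_account else "ntaccount"]
    entries.append("default")
    # Section search order documented on the page.
    for section in ("preauthentication", filename.lower(), "directory"):
        rights = policy.get(section, {})
        for entry in entries:
            if rights.get(entry) in ("enable", "disable"):
                # First explicit right wins.
                return rights[entry] == "enable", f"[{section}] {entry}"
    return False, "no explicit right found"

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("without default", NO_DEFAULT)):
        policy = parse(text)
        for who, kw in (("grp1 member", {"login": "alice", "groups": ["grp1"]}),
                        ("other user", {"login": "bob"}),
                        ("anonymous", {})):
            print(label, "|", who, "| NEWS.HTM ->", check_access(policy, "NEWS.HTM", **kw))
```

Under these assumptions, removing "default = disable" lets a user outside grp1 fall through to [Directory], where "everybody = enable" grants access to NEWS.HTM.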

  Sample DAFAUTH.INI Files   

In most cases, there are several ways to set up a unique access configuration for a directory.
The following samples show only one way for each configuration.

  • In a public directory, access to NEWS.HTM is granted for DAF group "grp1" only, access to other files is free:
------------- begin file DAFAUTH.INI ---------------
[NEWS.HTM]
grp1 = enable
default = disable
[Directory]
everybody = enable
------------- end file DAFAUTH.INI -----------------

 

  • In a protected directory, access to NEWS.HTM is free, access to other files is limited to group "grp1":
------------- begin file DAFAUTH.INI ---------------
[NEWS.HTM]
everybody = enable
[Directory]
grp1 = enable
------------- end file DAFAUTH.INI -----------------

 

  • For all files in the directory, access is granted to all authenticated users, and denied to all anonymous users:
------------- begin file DAFAUTH.INI ---------------
[PreAuthentication]
Anonymous = disable
Authenticated = enable
------------- end file DAFAUTH.INI -----------------

 

  • Access to all files in the directory is granted to group "grp1" and NT-forwarded users:
------------- begin file DAFAUTH.INI ---------------
[PreAuthentication]
grp1 = enable
NTAccount = enable

------------- end file DAFAUTH.INI -----------------

 

  • For all files in the directory, access is granted to anonymous users only, and denied to all authenticated users:
------------- begin file DAFAUTH.INI ---------------
[PreAuthentication]
Anonymous = enable

------------- end file DAFAUTH.INI -----------------

 

  • For all files in the directory, access is granted to any NT-forwarded users, and denied to all other users:
------------- begin file DAFAUTH.INI ---------------
[PreAuthentication]
NTAccount = enable

------------- end file DAFAUTH.INI -----------------

 

  • For all files in the directory, access is denied to any NT-forwarded users and anonymous users; but granted to DAF users:
------------- begin file DAFAUTH.INI ---------------
[PreAuthentication]
DAFAccount = enable

------------- end file DAFAUTH.INI -----------------

 

  • Access to "GOLD.HTM" is granted to only group "goldgrp."
  • Access to all files (except GOLD.HTM) is granted to group "members."
  • Anonymous users can access only REGISTER.HTM:
------------- begin file DAFAUTH.INI ---------------
[register.htm]
everybody = enable
[gold.htm]
goldgrp = enable
[Directory]
members = enable
------------- end file DAFAUTH.INI -----------------