New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No documentation on use of named ACLs #426

Veraxus opened this Issue Jul 28, 2016 · 3 comments


None yet
4 participants

Veraxus commented Jul 28, 2016

There is no documentation on use of named ACLs.


This file mentions that named ACLs "can be reused in several places." but does not specify where or how. There are no other clues in the source code, either - not in config.php or authsources.php. Likewise, the only authz documentation on the website is this:

Which does not discuss the topic of named ACLs at all. I'm not sure how to implement this feature at all since there is no documentation, samples, comments, etc at all, anywhere. Likewise, the above is only useful in circumstances where a single SP is in use. It's not useful at all if you need to specify a named ACL for a specific SP in an environment with multiple SPs.


This comment has been minimized.


thijskh commented Jul 29, 2016

It seems this functionality is currently only in use in modules/statistics/ as one of several options to grant access to the statistics web interface. That module grants access if you're the admin user, or if you're in a list of allowed userid's, or if you match a specific named acl from acl.php.


This comment has been minimized.


thijskh commented Nov 14, 2016

So obviously we could document it, but given te observations by @Veraxus and myself above, maybe just remove this functionality?

  • No documentation, samples, comments
  • Only usable when there's a single SP
  • Only usable with statistics module which provides other authz options

@thijskh thijskh added the needsinfo label Nov 19, 2018

@tvdijen tvdijen added this to the 2.0 milestone Nov 21, 2018


This comment has been minimized.


tvdijen commented Nov 21, 2018

It was decided this should be removed for 2.0. There will be no replacement for this functionality

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment