I am trying to set up access rules in Tamino and there is something I just
don’t quite understand. I would be glad if you could help me there.

Let me explain. I want to restrict access to a particular node (node1) in
the XML database. I have a created a user (user1), two groups (group1,
group2), and two acls (allowAcl, denyAcl)

‘user1’ belongs to ‘group1’ which references acl ‘allowAcl’ thus giving it
full access to ‘node1’.

‘group2’ references acl ‘denyAcl’ which gives it no access to ‘node1’.
‘group2’ has the same name as the database and thus includes all users,
except ‘user1’

The restriction works, i.e if I try to read ‘node1’ with an _XQL command, I
get the “no object returned message” although there are data in the
database.

The problem I have is how do I authenticate? I have tried the _CONNECT
command with userID=“user1”, followed by an _XQL command with the given
sessionid and sessionkey but I get the same message as above.

I cant’ see where Tamino authenticates the user. I have created a user in
collection ino:security, but I can only set the user id and the user
description. Where do I set the password? Should I create the user and/or
group in the Windows system also?

I would be glad if you could help me there.

Currently Tamino does not support authentication, just authorisation which is done via the user, groups and acl/aces. So currently the authentication has to be done by the web server. Have a look to the topic ‘Tamino Security’ in the ‘Security’ discussion forum there is dicussed how to setup your webserver if you would like use the Tamino security.