How to trace rights when user access to page

Hi,

Xwiki 7.1.2. In xwiki enabled LDAP auntithication. I create local user, for example - testuser (not in LDAP). After this user automatically added to XWikiAllGroup. I delete user from XWikiAllGroup (because I don’t want that this user have access to pages to which all LDAP users and XWikiAllGroup have access).

But I have problem, testuser still can access to all pages which access only to XWikiAllGroup. I check XWikiAllGroup and don’t see testuser in.

It is possible to trace (in logging menu) why user still have access to pages with XWikiAllGroup ?

I try to trace LDAP classes (Trace mode):

com.xpn.xwiki.plugin.ldap
com.xpn.xwiki.user.impl.LDAP

but they show in log only when user access to xwiki (not pages).

but they show in log only when user access to xwiki (not pages).

Also this log is about authentication and won’t help you for rights.

testuser still can access to all pages which access only to XWikiAllGroup.

How exactly did you made those pages accessible only by XWikiAllGroup ?

You might want to check if you enabled virtual XWikiAllGroup using property xwiki.authentication.group.allgroupimplicit in xwiki.cfg configuration file which makes all user part of XWikiAllGroup whatever is actually stored in that group.