Right evaluation

You can assign multiple roles with multiple rights to a user. The following rules apply to evaluate the rights in effect:

First Rule:           Specific right before less specific right.
Second Rule:      Allow before deny.

Rule 1 example:
Right1: Deny      TopicAccessAll             in topic_people_*
Right2: Allow     TopicAccessRead            in topic_people_germany_*
Result: Allow     TopicAccessRead            in topic_people_germany_frankfurt
Result: Deny      TopicAccessAll             in topic_people_usa
Rule 2 example:
Right 1: Deny     TopicAccessAll              in topic_people_germany_*
Right 2: Allow    TopicAccessAll              in topic_people_germany_*
Result:  Allow    TopicAccessAll             in topic_people_germany_frankfurt
Rule 1 is applied before rule 2 example:
Right 1: Allow    TopicAccessAll              in topic_people_germany_*
Right 2: Deny     TopicAccessAll              in topic_people_germany_frankfurt
Result: Deny     TopicAccessAll              in topic_people_germany_frankfurt



Figure 4:  Evaluation of Rights, Roles, and Groups

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.