[Yanel-dev] Enhancing access policies re downward inheritance

Michael Wechner michael.wechner at wyona.com
Fri May 15 15:29:30 CEST 2009


Hi

According to

http://www.yanel.org/en/documentation/security/access-policies.html

one can stop inheritance upwards by setting the 
use-inherited-policies="false", but
there is no attribute which allows access to a node, but stop inheriting 
this access downwards, for example, one
wants to give access to the node

/foo/bar/index.html

but no access to

/foo/bar/no/access/here.html

whereas this can be required in certain situations (for example in my 
current situation ;-)
hence I would suggest to introduce a property called "bequeath" as follows

/foo/bar/index.html.policy

  <usecase id="view">
    <group id="wyona" permission="true"/>
    <group id="customers" permission="true" bequeath="false"/>
  </usecase>

which means the group "customers" can access the page 
/foo/bar/index.html, but
this group won't have access to  /foo/bar/no/access/here.html

WDYT?

Thanks

Michi


More information about the Yanel-development mailing list