[Yanel-dev] Enhancing access policies re downward inheritance
Michael Wechner
michael.wechner at wyona.com
Fri May 15 15:29:30 CEST 2009
Hi
According to
http://www.yanel.org/en/documentation/security/access-policies.html
one can stop inheritance upwards by setting the
use-inherited-policies="false", but
there is no attribute which allows access to a node, but stop inheriting
this access downwards, for example, one
wants to give access to the node
/foo/bar/index.html
but no access to
/foo/bar/no/access/here.html
whereas this can be required in certain situations (for example in my
current situation ;-)
hence I would suggest to introduce a property called "bequeath" as follows
/foo/bar/index.html.policy
<usecase id="view">
<group id="wyona" permission="true"/>
<group id="customers" permission="true" bequeath="false"/>
</usecase>
which means the group "customers" can access the page
/foo/bar/index.html, but
this group won't have access to /foo/bar/no/access/here.html
WDYT?
Thanks
Michi
More information about the Yanel-development
mailing list