[Yanel-dev] Policies: bug or feature?
Claudio Corrodi
claudio.corrodi at wyona.com
Thu Aug 5 15:44:38 CEST 2010
Hi
Today I was testing an application's policies where at some point I had
the following config:
<usecase id="full">
<world permission="true"/>
</usecase>
I wanted to turn on and off access for the user "bob", so I introduced
the line:
<user id="bob" permission="false"/>
I noticed that it depends where this line is inserted whether bob is
authorized or not. If I put the line before the <world> tag, then bob
isn't authorized. But if I put it after the <world> tag, the policy
manager's "authorize" function returns true.
So it seems that the first line which matches the user is returned. Is
this the intended behaviour? Another possibility would be to use the
most restrictive or the most open policy that matches the user.
What do you think?
Regards, Claudio
More information about the Yanel-development
mailing list