[Yanel-dev] Policies: bug or feature?
Cedric Staub
cedric.staub at wyona.com
Thu Aug 5 16:07:22 CEST 2010
Aloha
On Thu, Aug 05, 2010 at 03:44:38PM +0200, Claudio Corrodi wrote:
> So it seems that the first line which matches the user is returned.
> Is this the intended behaviour? Another possibility would be to use
> the most restrictive or the most open policy that matches the user.
>
> What do you think?
In my opinion it makes sense the way it is, but it should probably be
documented. This way you can have user-specific policies on top
(granting those users more or less rights) and generic policies at the
end of the file.
The problem with using the most restrictive match in my eyes is it makes
it impossible to give certain users special rights, e.g. admins.
The problem with using the most open policy however is that it makes it
impossible to take rights away from users, e.g. to hide a specific page
from them.
Since I don't know all the details here I might be wrong though.
Cheers,
Cedric
More information about the Yanel-development
mailing list