[Yanel-dev] Policies: bug or feature?
Michael Wechner
michael.wechner at wyona.com
Fri Aug 6 00:48:37 CEST 2010
Cedric Staub wrote:
> Aloha
>
> On Thu, Aug 05, 2010 at 03:44:38PM +0200, Claudio Corrodi wrote:
>
>> So it seems that the first line which matches the user is returned.
>> Is this the intended behaviour? Another possibility would be to use
>> the most restrictive or the most open policy that matches the user.
>>
>> What do you think?
>>
>
> In my opinion it makes sense the way it is, but it should probably be
> documented.
please feel free to enhance
http://www.yanel.org/en/documentation/security/access-policies.html
> This way you can have user-specific policies on top
> (granting those users more or less rights) and generic policies at the
> end of the file.
>
> The problem with using the most restrictive match in my eyes is it makes
> it impossible to give certain users special rights, e.g. admins.
>
> The problem with using the most open policy however is that it makes it
> impossible to take rights away from users, e.g. to hide a specific page
> from them.
>
this is an important feature. For example think of a company, whereas
all employees should have
access to most of it, but not to the accounting/human-resources part.
Cheers
Michael
> Since I don't know all the details here I might be wrong though.
>
> Cheers,
> Cedric
>
More information about the Yanel-development
mailing list