[Yanel-dev] Policies: bug or feature?

Michael Wechner michael.wechner at wyona.com
Fri Aug 6 00:48:37 CEST 2010


Cedric Staub wrote:
> Aloha
>
> On Thu, Aug 05, 2010 at 03:44:38PM +0200, Claudio Corrodi wrote:
>   
>> So it seems that the first line which matches the user is returned.
>> Is this the intended behaviour? Another possibility would be to use
>> the most restrictive or the most open policy that matches the user.
>>
>> What do you think?
>>     
>
> In my opinion it makes sense the way it is, but it should probably be
> documented.

please feel free to enhance

http://www.yanel.org/en/documentation/security/access-policies.html

>  This way you can have user-specific policies on top
> (granting those users more or less rights) and generic policies at the
> end of the file.
>
> The problem with using the most restrictive match in my eyes is it makes
> it impossible to give certain users special rights, e.g. admins.
>
> The problem with using the most open policy however is that it makes it
> impossible to take rights away from users, e.g. to hide a specific page
> from them.
>   

this is an important feature. For example think of a company, whereas 
all employees should have
access to most of it, but not to the accounting/human-resources part.

Cheers

Michael

> Since I don't know all the details here I might be wrong though.
>
> Cheers,
> Cedric
>   



More information about the Yanel-development mailing list