[Yanel-dev] Policies: bug or feature?
Claudio Corrodi
claudio.corrodi at wyona.com
Fri Aug 6 12:29:42 CEST 2010
Thanks for the clarifications, it does indeed make sense to take the
first match.
Regards, Claudio
On 08/06/2010 12:48 AM, Michael Wechner wrote:
> Cedric Staub wrote:
>> Aloha
>>
>> On Thu, Aug 05, 2010 at 03:44:38PM +0200, Claudio Corrodi wrote:
>>> So it seems that the first line which matches the user is returned.
>>> Is this the intended behaviour? Another possibility would be to use
>>> the most restrictive or the most open policy that matches the user.
>>>
>>> What do you think?
>>
>> In my opinion it makes sense the way it is, but it should probably be
>> documented.
>
> please feel free to enhance
>
> http://www.yanel.org/en/documentation/security/access-policies.html
>
>> This way you can have user-specific policies on top
>> (granting those users more or less rights) and generic policies at the
>> end of the file.
>>
>> The problem with using the most restrictive match in my eyes is it makes
>> it impossible to give certain users special rights, e.g. admins.
>>
>> The problem with using the most open policy however is that it makes it
>> impossible to take rights away from users, e.g. to hide a specific page
>> from them.
>
> this is an important feature. For example think of a company, whereas
> all employees should have
> access to most of it, but not to the accounting/human-resources part.
>
> Cheers
>
> Michael
>
>> Since I don't know all the details here I might be wrong though.
>>
>> Cheers,
>> Cedric
>
More information about the Yanel-development
mailing list