[Yanel-dev] Order of user/group policies
Michael Wechner
michael.wechner at wyona.com
Fri Nov 19 11:59:08 CET 2010
Hi
It's quite possible that a user is a member of two groups, but that
these groups
have different permissions inside a policy. Hence it depends on how a
policy is interpreted
by the policy manager, e.g.
- first group which matches rules
- all group policies are checked and an AND operation is applied
- all group policies are check and an OR operation is applied
- etc.
whereas this is at the moment all hidden inside the implementation.
In order to allow sorting I have recently implemented a "cut/paste"
functionality into
the policy editor, e.g.
http://127.0.0.1:8080/yanel/from-scratch-realm/?yanel.policy=update
but the problem is that different usecases can have different order and
hence
this user interface doesn't really make sense for policies-by-usecases, e.g.
http://127.0.0.1:8080/yanel/from-scratch-realm/?yanel.policy=update&get=policy-by-usecases
but only by user/group, e.g.
http://127.0.0.1:8080/yanel/from-scratch-realm/?yanel.policy=update&get=policy
I am currently working on this, but wanted to let you know just in case ;-)
Cheers
Michael
More information about the Yanel-development
mailing list