[Yanel-dev] Order of user/group policies

Michael Wechner michael.wechner at wyona.com
Fri Nov 19 11:59:08 CET 2010


Hi

It's quite possible that a user is a member of two groups, but that 
these groups
have different permissions inside a policy. Hence it depends on how a 
policy is interpreted
by the policy manager, e.g.

- first group which matches rules
- all group policies are checked and an AND operation is applied
- all group policies are check and an OR operation is applied
- etc.

whereas this is at the moment all hidden inside the implementation.

In order to allow sorting I have recently implemented a "cut/paste" 
functionality into
the policy editor, e.g.

http://127.0.0.1:8080/yanel/from-scratch-realm/?yanel.policy=update

but the problem is that different usecases can have different order and 
hence
this user interface doesn't really make sense for policies-by-usecases, e.g.

http://127.0.0.1:8080/yanel/from-scratch-realm/?yanel.policy=update&get=policy-by-usecases

but only by user/group, e.g.

http://127.0.0.1:8080/yanel/from-scratch-realm/?yanel.policy=update&get=policy

I am currently working on this, but wanted to let you know just in case ;-)

Cheers

Michael


More information about the Yanel-development mailing list