[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Combining <AttributeMatch>'s
Hi all,
I am new to this list and (as is likely with most newbies) I have a
question for all you XACML experts out there. Here is a quick example of
and ACL rule I have with the guts removed:
<Rule RuleId="SomeRule" Effect="Permit">
<Target>
<Subjects>
<Subject>
<SubjectMatch>
......
</SubjectMatch>
</Subject>
<Subject>
<SubjectMatch>
......
</SubjectMatch>
</Subject>
</Subjects>
<Actions>
<Action>
<ActionMatch>
......
</ActionMatch>
</Action>
<Action>
<ActionMatch>
......
</ActionMatch>
</Action>
</Actions>
</Target>
</Rule>
My question is this:
I gather that the above rule will allow either of the subjects to perform
either of the actions (correct me if I am wrong). How would I alter this
such that the request would have to match BOTH of the <Subject> tags to
perform either of the actions(i.e. a logical AND on the two conditions)?
An example would be that it would have to be a particular user from a
particular IP address to be able to read and write to a particular
file/directory.
Any help greatly appreciated.
Cheers,
Shiv
--
*****************************************
* Shiv Kaushal *
* High Energy Physics *
* Department of Physics and Astronomy *
* The University of Manchester *
* Manchester *
* M13 9PL *
* *
* Tel: 00 44 (0) 161 275 4223 *
* http://www.hep.man.ac.uk/u/shiv/ *
*****************************************
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]