[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Combining <AttributeMatch>'s
Hi all, I am new to this list and (as is likely with most newbies) I have a question for all you XACML experts out there. Here is a quick example of and ACL rule I have with the guts removed: <Rule RuleId="SomeRule" Effect="Permit"> <Target> <Subjects> <Subject> <SubjectMatch> ...... </SubjectMatch> </Subject> <Subject> <SubjectMatch> ...... </SubjectMatch> </Subject> </Subjects> <Actions> <Action> <ActionMatch> ...... </ActionMatch> </Action> <Action> <ActionMatch> ...... </ActionMatch> </Action> </Actions> </Target> </Rule> My question is this: I gather that the above rule will allow either of the subjects to perform either of the actions (correct me if I am wrong). How would I alter this such that the request would have to match BOTH of the <Subject> tags to perform either of the actions(i.e. a logical AND on the two conditions)? An example would be that it would have to be a particular user from a particular IP address to be able to read and write to a particular file/directory. Any help greatly appreciated. Cheers, Shiv -- ***************************************** * Shiv Kaushal * * High Energy Physics * * Department of Physics and Astronomy * * The University of Manchester * * Manchester * * M13 9PL * * * * Tel: 00 44 (0) 161 275 4223 * * http://www.hep.man.ac.uk/u/shiv/ * *****************************************
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]