[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: group representation and combine algorithm
Hello, I tend to represent groups as an attribute for subject. In the request context, all the groups that the subject is member in are specified as group-id attributes in the subject context. Rules that apply for groups are defined as rule for any-user with the subject attribute of the group-id. I want that specific rules that apply to specific user override the group rules. I can achieve that by ordering the specific subject rules before any-user rules and use first-applicable combining algorithm. However I want my rules to be handled in deny-override algorithm which contradicts the group handling algorithm. Does anyone has idea how can I do it? Is there any other way to force user-specific rules to override group rules? Thanks, Yair
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]