grouper-dev - Re: [grouper-dev] permissions allow/deny
Subject: Grouper Developers Forum
- From: Tom Barton
- Subject: Re: [grouper-dev] permissions allow/deny
- Date: Thu, 12 May 2011 14:29:59 -0500
This seems similar to long-standing approaches to resolve conflicting
ACL permits and denies (for firewall & router rules, LDAP ACLs,
permissions in various file systems, Globus, etc.). These usually have a
declaration of "first Permit permits" or "first Deny denies",
simplifying the matter at the expense of ability to express very nuanced
conditions. Is there a simple approach here, even if it should preclude
some expressiveness?
Tom
On 5/11/2011 11:56 PM, Chris Hyzer wrote:
> Hey,
>
> I will be adding an allow/deny flag to permissions in 2.0, and there are
> inheritance issues with how the end result of the permission calculation
> will work. Here is an explanation with some scenarios and a proposed
> algorithm. If you think of other scenarios which aren’t covered please
> let me know or add them. I will be getting feedback from the
> mace-paccman group on this as well.
>
> https://spaces.internet2.edu/display/Grouper/Grouper+permissions+allow+and+deny
>
> Thanks,
>
> Chris
>