Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] permissions allow/deny

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] permissions allow/deny

Chronological Thread 
  • From: Tom Barton <>
  • To:
  • Subject: Re: [grouper-dev] permissions allow/deny
  • Date: Thu, 12 May 2011 14:29:59 -0500

This seems similar to long-standing approaches to resolve conflicting
ACL permits and denies (for firewall & router rules, LDAP ACLs,
permissions in various file systems, globus, etc). These usually have a
declaration of "first Permit permits" or "first Deny denies",
simplifying the matter at the expense of ability to express very nuanced
conditions. Is there a simple approach here, even if it should preclude
some expressiveness?


On 5/11/2011 11:56 PM, Chris Hyzer wrote:
> Hey,
> I will be adding an allow/deny flag to permissions in 2.0, and there are
> inheritance issues with how the end result of the permission calculation
> will work. Here is an explanation with some scenarios and a proposed
> algorithm. If you think of other scenarios which aren’t covered please
> let me know or add them. I will be getting feedback from the
> mace-paccman group on this as well.
> <>
> Thanks,
> Chris

Archive powered by MHonArc 2.6.16.

Top of Page